Preserving Enterprise Artifacts Using Digital Twin Technology And Intelligent Smart Contracts

ABSTRACT

Aspects of the disclosure relate to preserving enterprise artifacts using digital twin technology and intelligent smart contracts. The computing platform may receive a stream of internal data and a stream of external data. The computing platform may compare the received internal data and the received external data to historic internal data and historic external data, respectively. The computing platform may identify inconsistencies between the received data and the historic data using a plurality of key performance indicators, and may determine a critical value for each key performance indicator. The computing platform may determine whether the key performance indicator threatens the security of the enterprise artifacts. If the computing platform determines that the key performance indicator threatens the security of the enterprise artifacts, then the computing platform may execute at least one enterprise artifact protection protocol to safeguard the enterprise artifacts.

BACKGROUND

Aspects of the disclosure relate to hardware and software for preservingenterprise artifacts using digital twin technology and intelligent smartcontracts. In particular, one or more aspects of the disclosure relateto monitoring external data associated with real-world conditions andinternal data associated with an enterprise organization, comparing theexternal data and the internal data to historic external data andhistoric internal data to identify inconsistencies, flagging keyperformance indicators that identify the inconsistencies, and executingat least one enterprise artifact protection protocol based on theidentified inconsistencies.

Current data retention and data protection protocols enable enterpriseorganizations to preserve enterprise artifacts (e.g., enterpriseorganization data, enterprise organization operations, enterpriseorganization applications, or the like) when the location where theenterprise artifacts are stored (e.g., data centers, or the like) may becompromised. In some instances, an enterprise organization may protectthe enterprise artifacts within a compromised data center (e.g., may usea back-up power generator to provide power to the compromised datacenter while the main power source is non-operational). Over time, thedata protection and/or data retrieval measures may become less effective(e.g., the back-up power generator's fuel supply may deplete aftercontinued use) and may compromise the preservation of the enterpriseartifacts. Therefore, current data retention and data protectionprotocols might not offer enterprise organizations a method ofpreserving the enterprise artifacts for an extended period of timeand/or a method of transmitting the enterprise artifacts from thecompromised data center to a secure location.

SUMMARY

The following presents a simplified summary in order to provide a basicunderstanding of some aspects of the disclosure. The summary is not anextensive overview of the disclosure. It is neither intended to identifykey or critical elements of the disclosure nor to delineate the scope ofthe disclosure. The following summary merely presents some concepts ofthe disclosure in a simplified form as a prelude to the descriptionbelow.

Aspects of the disclosure provide effective, efficient, and convenienttechnical solutions that address and overcome the technical problemsassociated with preserving, in real-time or near real-time, enterpriseartifacts using digital twin technology and intelligent smart contracts.

In accordance with one or more embodiments, a method may comprise, at acomputing device including one or more processors and memory, receiving,from a plurality of external devices, a stream of external data thatincludes real-world conditions. The method may comprise receiving, froma plurality of internal devices, a stream of internal data that includesconditions associated with an enterprise organization. The method maycomprise parsing the external data and the internal data. The method maycomprise identifying, based on the parsing, a plurality of data typesand a plurality of data values that correspond to the external data andthe internal data. The method may comprise determining whether theexternal data is consistent with historic external data. The method maycomprise based on determining the external data is inconsistent with thehistoric external data, flagging at least one key performance indicator.The method may comprise determining at least one critical value thatcorresponds to the at least one flagged key performance indicator. Themethod may comprise determining whether the at least one flagged keyperformance indicator corresponds to at least one enterprise artifactprotection protocol. The method may comprise based on determining thatthe at least one flagged key performance indicator corresponds to the atleast one enterprise artifact protection protocol, generating, using adigital twin engine, sample implementations of the at least oneenterprise artifact protection protocol. The method may compriseanalyzing the sample implementations of the at least one enterpriseartifact protection protocol. The method may comprise executing, basedon the analysis, an enterprise artifact protection protocol.

In accordance with one or more embodiments, a computing platform maycomprise at least one processor, a communication interfacecommunicatively coupled to the at least one processor, and memorystoring computer-readable instructions that, when executed by the atleast one processor, cause the computing platform to receive, from aplurality of external devices, a stream of external data that includesreal-world conditions. The computing platform may receive, from aplurality of internal devices, a stream of internal data that includesconditions associated with an enterprise organization. The computingplatform may parse the external data and the internal data. Thecomputing platform may identify, based on the parsing, a plurality ofdata types and a plurality of data values that correspond to theexternal data and the internal data. The computing platform maydetermine whether the external data is consistent with historic externaldata. The computing platform may, based on determining the external datais inconsistent with the historic external data, flag at least one keyperformance indicator. The computing platform may determine at least onecritical value that corresponds to the at least one flagged keyperformance indicator. The computing platform may determine whether theat least one flagged key performance indicator corresponds to at leastone enterprise artifact protection protocol. The computing platform may,based on determining that the at least one flagged key performanceindicator corresponds to the at least one enterprise artifact protectionprotocol, generate, using a digital twin engine, sample implementationsof the at least one enterprise artifact protection protocol. Thecomputing platform may analyze the sample implementations of the atleast one enterprise artifact protection protocol. The computingplatform may execute, based on the analysis, an enterprise artifactprotection protocol.

In accordance with one or more embodiments, one or more non-transitorycomputer-readable media storing instructions that, when executed by acomputing platform comprising at least one processor, memory, and acommunication interface, cause the computing platform to receive, from aplurality of external devices, a stream of external data that includesreal-world conditions. The instructions, when executed, may cause thecomputing platform to receive, from a plurality of internal devices, astream of internal data that includes conditions associated with anenterprise organization. The instructions, when executed, may cause thecomputing platform to parse the external data and the internal data. Theinstructions, when executed, may cause the computing platform toidentify, based on the parsing, a plurality of data types and aplurality of data values that correspond to the external data and theinternal data. The instructions, when executed, may cause the computingplatform to determine whether the external data is consistent withhistoric external data. The instructions, when executed, may cause thecomputing platform to, based on determining the external data isinconsistent with the historic external data, flag at least one keyperformance indicator. The instructions, when executed, may cause thecomputing platform to determine at least one critical value thatcorresponds to the at least one flagged key performance indicator. Theinstructions, when executed, may cause the computing platform todetermine whether the at least one flagged key performance indicatorcorresponds to at least one enterprise artifact protection protocol. Theinstructions, when executed, may cause the computing platform to, basedon determining that the at least one flagged key performance indicatorcorresponds to the at least one enterprise artifact protection protocol,generate, using a digital twin engine, sample implementations of the atleast one enterprise artifact protection protocol. The instructions,when executed, may cause the computing platform to analyze the sampleimplementations of the at least one enterprise artifact protectionprotocol. The instructions, when executed, may cause the computingplatform to execute, based on the analysis, an enterprise artifactprotection protocol.

These features, along with many others, are discussed in greater detailbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example and is notlimited in the accompanying figures in which like reference numeralsindicate similar elements and in which:

FIG. 1A depicts an illustrative example of a computer system forpreserving enterprise artifacts using digital twin technology andintelligent smart contracts, in accordance with one or more exampleembodiments.

FIG. 1B depicts an illustrative example of the computing platform thatmay be used for preserving enterprise artifacts using digital twintechnology and intelligent smart contracts, in accordance with one ormore example embodiments.

FIG. 2 depicts an illustrative example of a decentralized peer-to-peer(P2P) computer system that may be used for preserving enterpriseartifacts using digital twin technology and intelligent smart contracts,in accordance with one or more example embodiments.

FIG. 3A depicts an illustrative example of a full node computing devicethat may be used for preserving enterprise artifacts using digital twintechnology and intelligent smart contracts, in accordance with one ormore example embodiments.

FIG. 3B depicts an illustrative example of a lightweight node computingdevice that may be used for preserving enterprise artifacts usingdigital twin technology and intelligent smart contracts, in accordancewith one or more example embodiments.

FIGS. 4A-4G depict an illustrative event sequence for preservingenterprise artifacts using digital twin technology and intelligent smartcontracts, in accordance with one or more example embodiments.

FIG. 5A-5B depict an illustrative method for preserving enterpriseartifacts using digital twin technology and intelligent smart contracts,in accordance with one or more example embodiments.

DETAILED DESCRIPTION

In the following description of various illustrative embodiments,reference is made to the accompanying drawings, which form a parthereof, and in which are shown, by way of illustration, variousembodiments in which aspects of the disclosure may be practiced. It isto be understood that other embodiments may be utilized, and structuraland functional modifications may be made, without departing from thescope of the present disclosure. Various aspects are capable of otherembodiments and of being practiced or being carried out in variousdifferent ways.

It is noted that various connections between elements are discussed inthe following description. It is noted that these connections aregeneral and, unless specified otherwise, may be direct or indirect,wired or wireless, and that the specification is not intended to belimiting in this respect.

It is to be understood that the phraseology and terminology used hereinare for the purpose of description and should not be regarded aslimiting. Rather, the phrases and terms used herein are to be giventheir broadest interpretation and meaning. The use of “including” and“comprising” and variations thereof is meant to encompass the itemslisted thereafter and equivalents thereof as well as additional itemsand equivalents thereof.

As discussed above, current data retention and data protection protocolsmight not offer enterprise organizations a method of preservingenterprise artifacts for an extended period of time and/or a method oftransmitting the enterprise artifacts from the compromised data centerto a secure location. Accordingly, proposed herein is a solution to theproblem described above that includes preserving, in real-time or nearreal-time, enterprise artifacts using digital twin technology andintelligent smart contracts. For example, a computing platform maycontinuously receive external data that describes real-world conditionsand may continuously receive internal data that describes conditionsassociated with an enterprise organization and/or a data center. Foreach piece of data, the computing platform may identify the internal orexternal condition that the piece of data describes, and may categorizethe piece of data based on the internal or external condition (e.g.,“TORNADO_X,” wherein X may indicate a geographic location and/or path ofthe tornado, or the like). The computing platform may determine whetherthe internal data is consistent with historic internal data and maydetermine whether the external data is consistent historic externaldata. In some instances, the computing platform may determine that theinternal data (or the external data) is inconsistent with the historicinternal data (or the historic external data), and may flag a keyperformance indicator (KPI) that identifies the inconsistency (e.g., aflagged “WIND” KPI may indicate the current wind speed is inconsistentwith the historic wind speed, or the like). The computing platform maydistribute the flagged KPI to a peer-to-peer (P2P) network storing atleast a portion of a blockchain. The computing platform, using a smartcontracts node on the blockchain, may determine a critical valueassociated with the flagged KPI, and may distribute the flagged KPI andthe corresponding critical value to team nodes on the blockchain. Thecomputing platform, using the team nodes on the blockchain, may analyzethe flagged KPI and the corresponding critical value, and may determinewhether to initiate at least one enterprise artifact protection protocolto preserve the enterprise artifacts that may be affected by the flaggedKPI. The computing platform may, using a digital twin engine, analyzesample implementations of at least one enterprise artifact protectionprotocol, and may instruct a digital twin engine to execute at least oneenterprise artifact protection protocol based on the analysis of thesample implementations.

In some examples, a computing environment may comprise the computingplatform, a plurality of external devices, a plurality of internaldevices, and/or an enterprise organization computing device. In someinstances, the computing platform may comprise a data filtration andaggregation engine, a critical event prediction engine, a blockchain,and/or a digital twin engine. The plurality of external devices maycontinuously detect external data that may describe real-worldconditions (e.g., weather reports, natural disaster warnings, civilunrest warnings, or the like) and the plurality of internal devices maycontinuously detect internal data that may describe conditionsassociated with an enterprise organization and/or a data center (e.g.,CPU usage, load capacity, application load usage, power supply levels,or the like). The plurality of internal devices and the plurality ofexternal devices may transmit the detected data to the data filtrationand aggregation engine. The data filtration and aggregation engine mayparse the received data to determine a data type associated with eachpiece of data and a data value associated with each piece of data (e.g.,a weather report indicating a snowstorm may be associated with the datatype “SNOWSTORM” and the data value “X inches of snow,” or the like).The data filtration and aggregation engine may generate a datastructure, and may store the received external data, the receivedinternal data, a plurality of data types, and a plurality of data valuesin the data structure. The data filtration and aggregation engine maystore the data structure in the aggregated data database.

The critical event prediction engine may retrieve the data structurefrom the aggregated data database. The critical event prediction enginemay further retrieve historic external data and historic internal datafrom the aggregated data database. The critical event prediction enginemay compare the internal data (or the external data) to the historicinternal data (or the historic external data) to determine whether theinternal data (or the external data) is consistent with the historicinternal data (or the historic external data). If the critical eventprediction engine determines that the internal data (or the externaldata) is consistent with the historic internal data (or the historicexternal data), then the critical event prediction engine may continuecomparing the internal data (or the external data) to the historicinternal data (or the historic external data). Alternatively, if thecritical event prediction engine determines that the internal data (orthe external data) is inconsistent with the historic internal data (orthe historic external data), then the critical event prediction enginemay flag a key performance indicator (KPI) to identify the inconsistency(e.g., if the current wind speed is inconsistent with the historic windspeed taken on the same day and at and/or around the same time of day,then the flagged KPI may be “WIND,” or the like). In such instances, thecritical event prediction engine may transmit the flagged KPI to theblockchain.

A smart contracts node on the blockchain may determine a critical valueassociated with the flagged KPI (e.g., using guidelines that may begenerated by and received from the enterprise organization computingdevice). The smart contracts node may distribute the flagged KPI and thecorresponding critical value to team nodes on the blockchain, whereinthe team nodes on the blockchain may correspond to teams associated withthe enterprise organization (e.g., a legal team, a security team, a loadmonitoring team, or the like). The team nodes on the blockchain mayanalyze the flagged KPI and the corresponding critical value (e.g.,using guidelines that may be generated by and received from theenterprise organization computing device). Each team node on theblockchain may determine whether the flagged KPI may threaten thesecurity of the enterprise artifacts (e.g., whether an ice storm maycause a data center housing the enterprise artifacts to lose power,whether the load capacity within the data center is approaching maximumcapacity, or the like). At least one team node on the blockchain maydetermine that the flagged KPI might not threaten the security of theenterprise artifacts while at least one different team node on theblockchain may determine that the flagged KPI may threaten the securityof the enterprise artifacts. In such instances (e.g., where there is noconsensus among the team nodes), the smart contracts node may transmitthe flagged KPI and the corresponding critical value to the enterpriseorganization computing device (e.g., for manual intervention).Alternatively, if there is consensus among the nodes that the flaggedKPI may threaten the security of the enterprise artifacts, then thesmart contracts nodes may transmit the flagged KPI to the digital twinengine. In some instances, there may be consensus among the nodes thatthe flagged KPI might not threaten the security of the enterpriseartifacts and, as such, the smart contracts node might not transmit theflagged KPI to the digital twin engine.

The digital twin engine may retrieve, from the blockchain, at least oneflagged KPI. The digital twin engine may parse the data stored on theblockchain to locate at least one enterprise artifact protectionprotocol that corresponds to the flagged KPI. The digital twin enginemay generate a sample implementation of the at least one enterpriseartifact protection protocol, and may transmit at least one sampleimplementation to the blockchain. The smart contracts node may analyzethe at least one sample implementation and may elect at least oneenterprise artifact protection protocol. The smart contracts node maytransmit, to the digital twin engine, instructions to initiate the atleast one elected enterprise artifact protection protocol. The digitaltwin engine may receive the instructions from the smart contracts nodeand may execute the at least one enterprise artifact protection protocolelected by the smart contracts node.

The disclosure provided herein is described, at least in part, inrelation to a decentralized peer-to-peer (e.g., P2P) system specializedfor the purpose of managing a blockchain. The decentralized P2P systemmay be comprised of computing devices that are distributed in multiplelocations across a geographical area as opposed to a single locationsuch as a business or company. The computing devices forming thedecentralized P2P system may operate with each other to manage ablockchain, which may be a data structure used to store informationrelated to the decentralized P2P system. More specifically, theblockchain may be a chronological linkage of data elements (e.g.,blocks) which store data records relating to the decentralized computingsystem. The decentralized P2P system may be associated with anenterprise organization and may be used to determine whether to executeat least one enterprise artifact protection protocol.

An enterprise organization may access the decentralized P2P systemthrough a specialized “wallet” (i.e., Identity Wallet) that may enablethe enterprise organization to request and to perform functions relatedto the decentralized P2P network. Through the wallet, the enterpriseorganization may be able to engage at least one smart contracts program(e.g., via a smart contracts node and a plurality of team nodes on theblockchain) stored within the decentralized P2P system to analyze theexternal data and the internal data, and to determine whether to engageat least one enterprise artifact protection protocol. Furthermore, theenterprise organization may use the wallet to request performance ofnetwork-specific functions related to the decentralized P2P system suchas determining a critical value associated with a flagged KPI (discussedbelow), analyzing at least one sample implementation of at least oneenterprise artifact protection protocol, and executing at least oneenterprise artifact protection protocol based on the analysis. Thevarious computing devices forming the decentralized P2P computing systemmay operate as a team to perform network-specific functions requested bythe enterprise organization. In performing the network-specificfunctions, the various computing devices may produce blocks that storethe data generated during the performance of the network-specificfunctions and may add the blocks to the blockchain. After the block hasbeen added to the blockchain, the wallet associated with the enterpriseorganization may indicate that the requested network-specific functionhas been performed.

For example, the enterprise organization's wallet may contain data thatmay be used to submit, to the decentralized P2P computing system, arequest to determine whether to execute at least one enterprise artifactprotection protocol. In particular, the data within the enterpriseorganization's wallet may comprise the external data, the historicexternal data, the internal data, and the historic internal data. Theenterprise organization may use the data in the wallet to submit, to thesmart contracts node within the decentralized P2P system, a request todetermine whether to execute at least one enterprise artifact protectionprotocol. The enterprise organization may submit the request to thedecentralized P2P system. The various computing devices forming thedecentralized P2P computing system may extract the data from the walletand may process the request. In doing so, a block may be created by thevarious computing devices of the decentralized P2P computing system. Theblock may store data indicating that the request was submitted to thedecentralized P2P system. The various computing devices may add theblock to the blockchain. The wallet associated with the enterpriseorganization may reflect the submission of the request.

In more detail, the decentralized P2P system may be specialized for thepurpose of managing a distributed ledger, such as a private blockchainor a public blockchain, through the implementation of digitalcryptographic hash functions, consensus algorithms, digital signatureinformation, and network-specific protocols and commands. Thedecentralized P2P system (e.g., decentralized system) may be comprisedof decentralized system infrastructure consisting of a plurality ofcomputing devices, either of a heterogeneous or homogenous type, whichserve as network nodes (e.g., full nodes and/or lightweight nodes) tocreate and sustain a decentralized P2P network (e.g., decentralizednetwork). Each of the full network nodes may have a complete replica orcopy of a blockchain stored in memory and may operate in concert, basedon the digital cryptographic hash functions, consensus algorithms,digital signature information, and network-specific protocols, toexecute network functions and/or maintain inter-nodal agreement as tothe state of the blockchain. Each of the lightweight network nodes mayhave at least a partial replica or copy of the blockchain stored inmemory and may request performance of network functions through theusage of digital signature information, hash functions, and networkcommands. In executing network functions of the decentralized network,at least a portion of the full nodes forming the decentralized networkmay execute the one or more cryptographic hash functions, consensusalgorithms, and network-specific protocols to register a requestednetwork function on the blockchain. In some instances, a plurality ofnetwork function requests may be broadcasted across at least a portionof the full nodes of the decentralized network, aggregated throughexecution of the one or more digital cryptographic hash functions, andvalidated by performance of the one or more consensus algorithms togenerate a single work unit (e.g., block), which may be added in atime-based, chronological manner to the blockchain through performanceof network-specific protocols.

While in practice the term “blockchain” may hold a variety ofcontextually derived meanings, the term blockchain, as used herein,refers to a concatenation of sequentially dependent data elements (e.g.,blocks) acting as a data ledger that stores records relating to adecentralized computing system. Such data records may be related tothose used by a particular entity or enterprise, such as a financialinstitution, and/or may be associated with a particular applicationand/or use case including, but not limited to, enterprise artifactssecurity, fund transfers, cryptocurrency, digital content storage anddelivery, entity authentication and authorization, digital identity,marketplace creation and operation, internet of things (IoT), predictionplatforms, currency exchange and remittance, P2P transfers, ridesharing, and precious metal and work of art registration andtransference, among others. A “private blockchain” may refer to ablockchain of a decentralized private system in which only authorizedcomputing devices are permitted to act as nodes in a decentralizedprivate network and have access to the private blockchain. In someinstances, the private blockchain may be viewable and/or accessible byauthorized computing devices which are not participating as nodes withinthe decentralized private network, but still have proper credentials. A“public blockchain” may refer to a blockchain of a decentralized publicsystem in which any computing devices may be permitted to act as nodesin a decentralized public network and have access to the publicblockchain. In some instances, the public blockchain may be viewableand/or accessible by computing devices which are not participating asnodes within the decentralized public network.

Further, a “full node” or “full node computing device,” as used herein,may describe a computing device in a decentralized system which operatesto create and maintain a decentralized network, execute requestednetwork functions, and maintain inter-nodal agreement as to the state ofthe blockchain. In order to perform such responsibilities, a computingdevice operating as a full node in the decentralized system may have acomplete replica or copy of the blockchain stored in memory, as well asexecutable instructions for the execution of hash functions, consensusalgorithms, digital signature information, network protocols, andnetwork commands. A “lightweight node,” “light node,” “lightweight nodecomputing device,” or “light node computing device” may refer to acomputing device in a decentralized system which may request theperformance of network functions (e.g., requests to analyze at least onesample implementation of at least one enterprise artifact protectionprotocol, requests to elect at least one enterprise artifact protectionprotocol based on the analysis, or the like) within a decentralizednetwork, but might not be capable of executing the requested networkfunctions or maintaining inter-nodal agreement as to the state of theblockchain. As such, a computing device operating as a lightweight nodein the decentralized system may have a partial replica or copy of theblockchain. In some instances, network functions, requested bylightweight nodes, to be performed by the decentralized network may alsobe requested by full nodes in the decentralized system.

“Network functions” and/or “network-specific functions,” as describedherein, may relate to functions which are able to be performed by nodesof a decentralized P2P network. In some arrangements, the data generatedin performing network-specific functions may be stored on a blockchainassociated with the decentralized P2P network.

Computer Architecture

FIG. 1A depicts an illustrative example of a computer system 100 thatmay be used for preserving, in real-time or near real-time, enterpriseartifacts using digital twin technology and intelligent smart contracts,in accordance with one or more aspects described herein. Computer system100 may comprise one or more computing devices including at leastcomputing platform 110, external computing devices 120 a-120 c, internalcomputing devices 130 a-130 c, and enterprise organization computingdevice 140. While FIG. 1A depicts more than one external computingdevice (e.g., external computing devices 120 a-120 c), each of externalcomputing devices 120 a-120 c may be configured in accordance with thefeatures described herein. While the description herein may refer toexternal computing device 120, it is important to note that thefunctions described in connection with external computing device 120 mayalso be performed by any one of external computing devices 120 a-120 c.While FIG. 1A depicts external computing devices 120 a-120 c, more orless than three external computing devices may exist within computersystem 100. Three external computing devices are depicted in FIG. 1A forillustration purposes only and are not meant to be limiting.

Further, while FIG. 1A depicts more than one internal computing device(e.g., internal computing devices 130 a-130 c), each of internalcomputing devices 130 a-130 c may be configured in accordance with thefeatures described herein. While the description herein may refer tointernal computing device 130, it is important to note that thefunctions described in connection with internal computing device 130 mayalso be performed by any one of internal computing devices 130 a-130 c.While FIG. 1A depicts internal computing devices 130 a-130 c, more orless than three internal computing devices may exist within computersystem 100. Three internal computing devices are depicted in FIG. 1A forillustration purposes only and are not meant to be limiting.

While FIG. 1A depicts one enterprise organization computing device(e.g., enterprise organization computing device 140), more than oneenterprise organization computing device may exist within computersystem 100. One enterprise organization computing device is depicted inFIG. 1A for illustration purposes only and is not meant to be limiting.

Each one of external computing devices 120 a-120 c, internal computingdevices 130 a-130 c, and enterprise organization computing device 140may be configured to communicate with computing platform 110 throughnetwork 150. In some arrangements, computer system 100 may includeadditional computing devices and networks that are not depicted in FIG.1A, which may also be configured to interact with computing platform110.

Computing platform 110 may be associated with a distinct entity such asan enterprise organization, company, school, government, and the like,and may comprise one or more personal computer(s), server computer(s),hand-held or laptop device(s), multiprocessor system(s),microprocessor-based system(s), set top box(es), programmable userelectronic device(s), network personal computer(s) (PC),minicomputer(s), mainframe computer(s), distributed computingenvironment(s), and the like. Computing platform 110 may includecomputing hardware and software that may host various data andapplications for performing tasks of the centralized entity andinteracting with external computing device 120, internal computingdevice 130, enterprise organization computing device 140, and/oradditional computing devices. As discussed in greater detail below inconnection with FIG. 1B, computing platform 110 may use data filtrationand aggregation engine 111, aggregated data database 112, critical eventprediction engine 113, blockchain 114, digital twin engine 115, database116, and/or processor(s) 117 to analyze and execute at least oneenterprise artifact protection protocol. Each computing device withincomputing platform 110 may contain database 116 and processor(s) 117,which may be stored in memory of the one or more computing devices ofcomputing platform 110. Through execution of computer-readableinstructions stored in memory, the computing devices of computingplatform 110 may be configured to perform functions of the centralizedentity and store the data generated during the performance of suchfunctions in database 116.

In some arrangements, computing platform 110 may include and/or be partof enterprise information technology infrastructure and may host aplurality of enterprise applications, enterprise databases, and/or otherenterprise resources. Such applications may be executed on one or morecomputing devices included in computing platform 110 using distributedcomputing technology and/or the like. In some instances, computingplatform 110 may include a relatively large number of servers that maysupport operations of the enterprise organization, such as a financialinstitution. Computing platform 110, in this embodiment, may generate asingle centralized ledger, which may be stored in database 116, for datareceived from at least one of external computing device 120, internalcomputing device 130, and/or enterprise organization computing device140.

External computing device 120, internal computing device 130, and/orenterprise organization computing device 140 may be configured tointeract with computing platform 110 through network 150. In someinstances, at least one of external computing device 120, internalcomputing device 130, and/or enterprise organization computing device140 may be configured to receive and transmit information correspondingto requests through particular channels and/or applications associatedwith computing platform 110. The requests submitted by at least one ofexternal computing device 120, internal computing device 130, and/orenterprise organization computing device 140 may initiate theperformance of particular computational functions at computing platform110, such as the analysis of at least one sample implementation of atleast one enterprise artifact protection protocol.

As stated above, computer system 100 also may include one or morenetworks, which may interconnect one or more of computing platform 110,external computing device 120, internal computing device 130, andenterprise organization computing device 140. For example, centralizedcomputer system 100 may include network 150. Network 150 may include oneor more sub-networks (e.g., local area networks (LANs), wide areanetworks (WANs), or the like). Furthermore, computer system 100 mayinclude a local network configured to interconnect each of the computingdevices comprising computing platform 110.

External computing device 120 may continuously monitor real-worldconditions (e.g., conditions that describe the environment surroundingan enterprise organization, conditions that describe the environmentsurrounding a data center, or the like). The real-world conditions maycorrespond to a geographic location within which the enterpriseorganization may be located. In some instances, the real-worldconditions might not correspond to the geographic location of theenterprise organization, but may correspond to a geographic locationwithin which enterprise artifacts may be stored (e.g., a geographiclocation of a data center). External computing device 120 may beconfigured to receive a stream of external data (e.g., local weatherreports, natural disaster tracking, international news reports onresource shortages, domestic news reports on events occurring in alocation, or the like) that corresponds to at least one of thegeographic location of the enterprise organization or the geographiclocation of the data center. In some instances, each one of externalcomputing devices 120 a-120 c may be configured to receive a differentstream of external data. External computing device 120 may detect thestream of external data (e.g., a weather report indicating a change inwind speed, or the like) and may transmit the external data to datafiltration and aggregation engine 111.

Internal computing device 130 may continuously monitor conditions withinthe enterprise organization. In some instances, internal computingdevice 130 may be configured to continuously monitor conditionsassociated with the data center within which the enterprise organizationmay store the enterprise artifacts (e.g., enterprise organizationapplications, enterprise organization data, enterprise organizationoperations, or the like). To do so, internal computing device 130 may beconfigured to receive a stream of internal data (e.g., current CPUcapacity, maximum CPU capacity, current load usage, maximum loadcapacity, system power levels, or the like). In some instances, each oneof internal computing devices 130 a-130 c may be configured to receive adifferent stream of internal data. Internal computing device 130 maydetect the stream of internal data (e.g., a warning that the currentload usage is approaching the maximum load capacity, or the like) andmay transmit the internal data to data filtration and aggregation engine111.

Enterprise organization computing device 140 may be configured togenerate a plurality of analysis guidelines and to transmit theplurality of analysis guidelines to blockchain 114. As discussed inconnection with FIG. 1B, a plurality of nodes on blockchain 114 (e.g., aplurality of team nodes, wherein each team node may correspond to adifferent team and/or department within the enterprise organization, orthe like) may use the plurality of analysis guidelines to determinewhether a flagged KPI may threaten the security of the enterpriseartifacts. In some instances, the plurality of analysis guidelines mayinstruct each team node to review enterprise organization rules specificto the particular team and/or department within the enterpriseorganization. The plurality of analysis guidelines may instruct eachteam node to compare the flagged KPI to the enterprise organizationrules specific to the particular team and/or department to determinewhether the flagged KPI violates at least one enterprise organizationrule. If the team node determines that the flagged KPI violates at leastone enterprise organization rule, then the plurality of analysisguidelines may instruct the team node to identify the flagged KPI as apotential threat to the security of the enterprise artifacts. Theplurality of analysis guidelines may further instruct the team node toidentify the at least one enterprise organization rule that the flaggedKPI may violate. Alternatively, if the team node determines that theflagged KPI might not violate the enterprise organization rules, thenthe plurality of analysis guidelines may instruct the team node toidentify the flagged KPI as non-threatening to the security of theenterprise artifacts. In some instances, the team node might not be ableto determine whether the flagged KPI violates at least one enterpriseorganization rule (e.g., due to ambiguities within the at least oneenterprise organization rule, or the like). In such instances, theplurality of analysis guidelines may instruct the team node to identifythe flagged KPI as potentially threatening to the security of theenterprise artifacts and to recommend that the flagged KPI undergomanual analysis (e.g., by an agent on the team and/or department thatcorresponds to the team node).

Enterprise organization computing device 140 may further be configuredto generate a plurality of enterprise artifact protection protocols. Anenterprise artifact protection protocol may comprise a series ofinstructions which, when executed, may protect the enterprise artifactsfrom scenarios that may potentially threaten (e.g., impact, weaken, orthe like) the security of the enterprise artifacts. As such, whenexecuted, the enterprise artifact protection protocols may increaseand/or preserve the security of the enterprise artifacts. To generatethe plurality of enterprise artifact protection protocols, enterpriseorganization computing device 140 may predict a plurality of events thatmay threaten the security of the enterprise artifacts (e.g., a poweroutage at the data center due to an ice storm, CPU usage within theenterprise organization approaching maximum CPU capacity, or the like).To predict the plurality of events that may threaten the security of theenterprise artifacts, enterprise organization computing device 140 mayanalyze the historic external data and the historic internal data (e.g.,external data and internal data that was previously received andprocessed using the features described herein, or the like). Enterpriseorganization computing device 140 may determine countermeasures that,when executed, may protect the enterprise artifacts and may use thecountermeasures to generate the plurality of enterprise artifactprotection protocols. Enterprise organization computing device 140 maydraft code, using at least one programming language, that, whenexecuted, may initiate the corresponding enterprise artifact protectionprotocol. In some instances, enterprise organization computing device140 may draft code, using at least one programming language, thatcorresponds to a sample implementation of at least one enterpriseartifact protection protocol (e.g., a sample implementation of a featureof at least one enterprise artifact protection protocol, or the like)and that, when executed, may initiate the corresponding sampleimplementation of the enterprise artifact protection protocol.

In some instances, enterprise organization computing device 140 mayanalyze the enterprise organization rules specific to each team and/ordepartment within the enterprise organization to generate the pluralityof enterprise artifact protection protocols. For each team and/ordepartment within the enterprise organization, enterprise organizationcomputing device 140 may parse the enterprise organization rules toidentify, for each rule, at least one scenario that may violate therule. For each identified scenario, enterprise organization computingdevice 140 may determine countermeasures that, when executed, mayneutralize any attempts to harm the enterprise artifacts and/or mayprotect the enterprise artifacts from potential threats. Enterpriseorganization computing device 140 may use the countermeasures togenerate the plurality of enterprise artifact protection protocols.Enterprise organization computing device 140 may transmit the pluralityof enterprise artifact protection protocols to blockchain 114.

In some instances, enterprise organization computing device 140 mayreceive, from the smart contracts node on blockchain 114, at least oneflagged KPI that was identified by at least one team node as a potentialthreat to the security of the enterprise artifacts. Enterpriseorganization computing device 140 may transmit the at least one flaggedKPI to the team and/or department that corresponds to the team node thatidentified the flagged KPI as a potential threat. Enterpriseorganization computing device 140 may instruct the team and/ordepartment to manually analyze the flagged KPI and to determine whetherto execute at least one enterprise artifact protection protocol based onthe analysis of the flagged KPI.

In some instances, enterprise organization computing device 140 mayreceive, from digital twin engine 115, at least one flagged KPI and anotification indicating that blockchain 114 might not contain anenterprise artifact protection protocol that addresses the at least oneflagged KPI. Enterprise organization computing device 140 may analyzethe at least one flagged KPI and may determine countermeasures that,when executed, may protect the enterprise artifacts. In some instances,enterprise organization computing device 140 may identify at least oneteam and/or department within the enterprise organization whose rulesmay be designed to protect the enterprise artifacts from the at leastone flagged KPI. Enterprise organization computing device 140 maycompare the at least one flagged KPI to the enterprise organizationrules that correspond to the at least one team and/or department.Enterprise organization computing device 140 may identify at least oneway in which the flagged KPI may violate at least one enterpriseorganization rule that corresponds to the at least one team and/ordepartment, and may use the at least one violation to determinecountermeasures that, when executed, may protect the enterpriseartifacts from the at least one violation. Enterprise organizationcomputing device 140 may use the countermeasures to generate at leastone enterprise artifact protection protocol that addresses the at leastone flagged KPI. Enterprise organization computing device 140 maytransmit the at least one enterprise artifact protection protocol toblockchain 114.

FIG. 1B depicts the components of computing platform 110 that may beused for preserving, in real-time or near real-time, enterpriseartifacts using digital twin technology and intelligent smart contracts,in accordance with one or more aspects described herein. As discussed inconnection with FIG. 1A, computing platform 110 may comprise datafiltration and aggregation engine 111, aggregated data database 112,critical event prediction engine 113, blockchain 114, digital twinengine 115, database 116, and/or processor(s) 117.

Data filtration and aggregation engine 111 may receive a plurality ofdata streams from external computing devices 120 a-120 c and internalcomputing devices 130 a-130 c. In particular, data filtration andaggregation engine 111 may be configured to receive at least one streamof external data from external computing devices 120 a-120 c and atleast one stream of internal data from internal computing devices 130a-130 c. Each stream of external data may correspond to a different oneof external computing devices 120 a-120 c. As such, each stream ofexternal data may correspond to a different category of external data(e.g., a local weather report, a news report on events occurring in aparticular location, or the like). Similarly, each stream of internaldata may correspond to a different one of internal computing devices 130a-130 c. As such, each stream of internal data may correspond to adifferent category of internal data (e.g., maximum CPU capacity, maximumload capacity, current power supply levels, or the like).

Data filtration and aggregation engine 111 may filter the received datainto separate groups based on whether the data corresponds to a streamof external data or a stream of internal data. Data filtration andaggregation engine 111 may aggregate the streams of external data intoan external data group and may aggregated the streams of internal datainto an internal data group. Within the external data group, datafiltration and aggregation engine 111 may parse each piece of externaldata to identify at least one data type and at least one data value thatcorresponds to the piece of external data. The identified data type maydescribe the corresponding data stream (e.g., identify whether the pieceof external data corresponds to weather (“ICE_STORM_X”, wherein X mayindicate the geographic location of the ice storm), breaking news(“CIVIL_UNREST_X”, wherein X may indicate the geographic location of thecivil unrest), a natural disaster (“TORNADO_X”, wherein X may indicatethe geographic location and/or path of the tornado), or the like). Theidentified data value may describe the data type and/or data stream(e.g., “SNOW_Y_INCHES” may describe “ICE_STORM_X,” “WINDS_80MPH” maydescribe “TORNADO_X,” or the like).

Similarly, within the internal data group, data filtration andaggregation engine 111 may parse each piece of internal data to identifyat least one data type and at least one data value that corresponds tothe piece of internal data. As described above, the identified data typemay describe the corresponding data stream (e.g., identify whether thepiece of internal data corresponds to current CPU usage (“SERVER1_CPU”),current power supply levels (“DATA_CENTER1_POWER”), or the like). Theidentified data value may describe the data type and/or data stream(e.g., “ZZ %” may describe “SERVER1_CPU,” “AA %” may describe“DATA_CENTER1_POWER,” or the like).

Data filtration and aggregation engine 111 may generate a data structureand may store, within the data structure, each piece of external dataand internal data. In particular, data filtration and aggregation engine111 may store each piece of external data and internal data within thedata structure based on the identified data types (e.g., based on thestream to which each piece of data corresponds) and the identified datavalues. In some instances, the data structure may indicate the pluralityof data types and, as such, data filtration and aggregation engine 111may use the plurality of data types to populate the data structure(e.g., to store the external data and the internal data in the datastructure based on the data stream to which the data corresponds). Insome instances, data filtration and aggregation engine 111 may determinethat at least one piece of external data or internal data might notcorrespond to the plurality of data types identified in the datastructure. As such, data filtration and aggregation engine 111 mayidentify at least one additional data type that corresponds to the atleast one piece of external data or internal data, and may store the atleast one piece of external data or internal data in the data structurebased on the at least one additional data type. Data filtration andaggregation engine 111 may store the data structure in aggregated datadatabase 112.

In some instances, data filtration and aggregation engine 111 maygenerate a portion of the data structure using the external data and theinternal data. As such, data filtration and aggregation engine 111 may,upon filtering and aggregating new streams of data, add the newlyfiltered and aggregated data to the existing data structure bygenerating an additional portion of the existing data structure and byadding the additional portion to the existing data structure. In suchinstances, data filtration and aggregation engine 111 may transmit eachadditional portion of the data structure to aggregated data database112, and may instruct aggregated data database 112 to store eachadditional portion of the data structure.

Aggregated data database 112 may receive, from data filtration andaggregation engine 111, the data structure or the portion of the datastructure and may store the received data structure and/or the portionof the data structure. As described above, data filtration andaggregation engine 111 may continuously generate additional portions ofthe existing data structure when new streams of external data and newstreams of internal data are received. Upon receipt of an additionalportion of the existing data structure, aggregated data database 112 mayflag the previously received portions of the data structure as historicdata (e.g., historic external data, historic internal data, or thelike). Aggregated data database 112 may store the historic external dataand the historic internal data within aggregated data database 112. Thehistoric external data may comprise external data that was previouslyanalyzed and processed using the features and methods described herein.Similarly, the historic internal data may comprise internal data thatwas previously analyzed and processed using the features and methodsdescribed herein.

In some instances, data filtration and aggregation engine 111 maygenerate a new data structure when new streams of external data and newstreams of internal data are received. Upon receipt of the new datastructure, from data filtration and aggregation engine 111, aggregateddata database 112 may flag the previously received data structures ashistoric data (e.g., historic external data, historic internal data, orthe like). Aggregated data database 112 may store the historic externaldata and the historic internal data within aggregated data database 112.

Access to aggregated data database 112 may differ depending on thecomputing device that is requesting access (e.g., a hierarchy ofaccessibility). Data filtration and aggregation engine 111 may beassociated with a first level of accessibility (e.g., a leastrestrictive level of accessibility). Data filtration and aggregationengine 111 may perform functions on the data stored within aggregateddata database 112 (e.g., access the data structure(s), add datastructure(s), remove data structure(s), modify data structure(s), or thelike). Critical event prediction engine 113 may be associated with asecond level of accessibility (e.g., a more restrictive level ofaccessibility than the first level of accessibility). Critical eventprediction engine 113 may access the data structure(s), but might not bepermitted to add, remove, or modify the data structure(s) withinaggregated data database 112.

Critical event prediction engine 113 may retrieve, from aggregated datadatabase 112, the data structure and/or portions of the data structure,the historic external data, and the historic internal data. Criticalevent prediction engine 113 may identify the current external data, thecurrent internal data, the historic external data, and the historicinternal data. In some instances, critical event prediction engine 113may parse the retrieved data to identify the data structure and/or theportion of the data structure that aggregated data database 112 may haveflagged as historic data.

Critical event prediction engine 113 may analyze the data retrieved fromaggregated data database 112. To do so, critical event prediction engine113 may compare the external data (or the internal data) to the historicexternal data (or the historic internal data). Critical event predictionengine 113 may, using the data structure(s) and/or the portion of thedata structure, compare the plurality of data types associated with thehistoric external data (or the historic internal data) to the pluralityof data types associated with the external data (or the internal data).Critical event prediction engine 113 may determine that at least onedata type associated with the external data (or the internal data) mightnot correspond to (e.g., match, be similar to, or the like) at least onedata type associated with the historic external data (or the historicinternal data) and, as such, critical event prediction engine 113 maydetermine that the external data (or the internal data) might not havebeen previously received. Critical event prediction engine 113 mayterminate analysis on the external data (or the internal data) thatmight not have been previously received and may analyze the remainingexternal data (or the remaining internal data), if any.

In some instances, critical event prediction engine 113 may determinethat at least one data type associated with the external data (or theinternal data) may correspond to (e.g., match, be similar to, or thelike) at least one data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may compare the data value that corresponds to the data type associatedwith the external data (or the internal data) to the data value thatcorresponds to the data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may determine whether the data value that corresponds to the data typeassociated with the external data (or the internal data) is consistentwith (e.g., matches, is within a predetermined range, or the like) thedata value that corresponds to the data type associated with thehistoric external data (or the historic internal data). In someinstances, critical event prediction engine 113 may determine that thedata values are consistent (e.g., match, are within the predeterminedrange, or the like). As such, critical event prediction engine 113 mightnot flag the data value that corresponds to the data type associatedwith the external data (or the internal data). Critical event predictionengine 113 may analyze the remaining external data (or the remaininginternal data), if any.

Alternatively, in some instances, critical event prediction engine 113may determine that the data value that corresponds to the data typeassociated with the external data (or the internal data) might not beconsistent (e.g., might not match, might not be within the predeterminedrange, or the like) with the data value that corresponds to the datatype associated with the historic external data (or the historicinternal data). In such instances, critical event prediction engine 113may identify the inconsistency between the data values using a keyperformance indicator (KPI). The KPI may specify a feature (e.g.,measurement, parameter, or the like) of the data type that correspondsto the external data (or the internal data) that may be different fromthe same feature of the data type that corresponds to the historicexternal data (or the historic internal data). Critical event predictionengine 113 may flag the KPI and may transmit, to blockchain 114, theflagged KPI, the data type and data value that correspond to theexternal data (or the internal data), and the data type and data valuethat correspond to the historic external data (or the historic internaldata).

As described in detail in connection with FIG. 2 to FIG. 3B, blockchain114 may comprise a plurality of nodes, wherein the plurality of nodesmay comprise a smart contracts node and at least one team node. Thesmart contracts node may be configured to execute (e.g., automatically,or the like) at least one action, of a plurality of actions, based ondetermining at least one predetermined condition may be satisfied.Alternatively, the smart contracts node may be configured to resistexecution of the at least one action, of the plurality of actions, basedon determining the at least one predetermined condition might not besatisfied.

The smart contracts node may receive, from critical event predictionengine 113, the flagged KPI, the data type and data value thatcorrespond to the external data (or the internal data), and the datatype and data value that correspond to the historic external data (orthe historic internal data). The smart contracts node may use thereceived data to determine a critical value that corresponds to theflagged KPI. The critical value that corresponds to the flagged KPI mayindicate a predicted degree of whether and/or how much the flagged KPImay threaten (e.g., harm, weaken, or the like) the security of theenterprise artifacts. The critical value may be within a predeterminedrange (e.g., a scale from 0.0 to 10.0). A critical value may beassociated with a first level critical value if the critical value iscloser to 0.0. A critical value that may be associated with the firstlevel critical value may indicate that the corresponding flagged KPImight not pose a threat to the security of the enterprise artifacts.Alternatively, a critical value may be associated with a second levelcritical value if the critical value is closer 10.0. A critical valuethat may be associated with the second level critical value may indicatethat the corresponding flagged KPI may pose a threat to the security ofthe enterprise artifacts.

In some instances, a critical value that may be associated with thefirst level critical value may indicate that the corresponding externaldata (or the corresponding internal data) may be consistent with thehistoric external data (or the historic internal data). Alternatively,in some instances, a critical value that may be associated with thesecond level critical value may indicate that the corresponding externaldata (or the corresponding internal data) might not be consistent withthe historic external data (or the historic internal data).

To determine the critical value that corresponds to the flagged KPI, thesmart contracts node may consider a plurality of conditions that maypredict the degree of impact that the flagged KPI may inflict upon theenterprise organization and/or the data center and, by extension, thesecurity of the enterprise artifacts. In some instances, the smartcontracts node may consider the urgency of the flagged KPI (e.g., apredicted amount of time remaining before a natural disaster causeseither the enterprise organization or the data center to experiencepower failure, or the like), the current state of the flagged KPI (e.g.,whether either the enterprise organization and/or the data centercommenced power failure recovery procedures, or the like), the predictedwind down period of the flagged KPI (e.g., a predicted amount of timeuntil the completion of an enterprise operation that may be overloadingthe current CPU capacity, or the like), and/or the likelihood of theflagged KPI passing (e.g., a likelihood of a tornado's path turning awayfrom the enterprise organization and/or the data center, or the like).

The smart node contracts may store the critical value associated withthe flagged KPI within a data block on blockchain 114. The smartcontracts node may distribute the flagged KPI and the critical valueassociated with the flagged KPI to the plurality of team nodes onblockchain 114. The smart contracts node may receive, from each teamnode of the plurality of team nodes, an indication, from the point ofview of the team node, of whether the flagged KPI threatens the securityof the enterprise artifacts. A team node, of the plurality of teamnodes, may indicate that the flagged KPI may threaten the security ofthe enterprise artifacts. Additionally or alternatively, a team node, ofthe plurality of team nodes, may indicate that the flagged KPI might notthreaten the security of the enterprise artifacts.

The smart contracts node may receive, from at least one team node of theplurality of team nodes, an indication that the flagged KPI might notthreaten the security of the enterprise artifacts and may receive, fromat least one different team node of the plurality of team nodes, anindication that the flagged KPI may threaten the security of theenterprise artifacts (e.g., there might not be consensus among the teamnodes, or the like). In such instances, the smart contracts node maytransmit the flagged KPI and the critical value associated with theflagged KPI to enterprise organization computing device 140. The smartcontracts node may also transmit, to enterprise organization computingdevice 140, instructions to manually analyze the flagged KPI and thecritical value associated with the flagged KPI.

In some instances, the smarts contracts node may receive, from each teamnode of the plurality of team nodes, an indication that the flagged KPImight not threaten the security of the enterprise artifacts (e.g., theremay be consensus among the nodes that the flagged KPI might not threatenthe security of the enterprise artifacts, or the like). The smartcontracts node may determine, based on the indications from theplurality of team nodes, that execution of an enterprise artifactprotection protocol might not be necessary based on the consensus amongthe plurality of team nodes. As such, the smart contracts node mayanalyze additional flagged KPIs, if any.

Additionally or alternatively, the smart contracts node may receive,from each team node of the plurality of team nodes, an indication thatthe flagged KPI may threaten the security of the enterprise artifacts(e.g., there may be consensus among the team nodes that the flagged KPImay threaten the security of the enterprise artifacts). The smartcontracts node may transmit the flagged KPI to digital twin engine 115.The smart contracts node may receive, from digital twin engine 115, atleast one sample implementation of at least one enterprise artifactprotection protocol. The smart contracts node may analyze each sampleimplementation and may elect an enterprise artifact protection protocol,which may be used to safeguard the enterprise artifacts from the flaggedKPI. The smart contracts node may transmit, to digital twin engine 115,a notification indicating the at least one elected enterprise artifactprotection protocol. The smart contracts node may further transmit, todigital twin engine 115, instructions to execute the at least oneelected enterprise artifact protection protocol.

The plurality of team nodes on blockchain 114 may receive, from thesmart contracts node, the flagged KPI and the critical value associatedwith the flagged KPI. As discussed in connection with FIG. 1B, each nodeof the plurality of team nodes may correspond to a different team and/ordepartment within the enterprise organization (e.g., a legal team, asecurity team, a load management team, or the like). Each team node ofthe plurality of team nodes may use the plurality of analysisguidelines, received by blockchain 114 and from enterprise organizationcomputing device 140, to determine whether the flagged KPI may threatenthe security of the enterprise artifacts. To do so, in some instances,the plurality of analysis guidelines may instruct each team node toreview the enterprise organization rules specific to the particular teamand/or department within the enterprise organization. The plurality ofanalysis guidelines may instruct each team node to compare the flaggedKPI to the enterprise organization rules specific to the particular teamand/or department to determine whether the flagged KPI violates at leastone enterprise organization rule.

If the team node determines that the flagged KPI violates at least oneenterprise organization rule, then the plurality of analysis guidelinesmay instruct the team node to identify the flagged KPI as a potentialthreat to the security of the enterprise artifacts. The plurality ofanalysis guidelines may further instruct the team node to identify theat least one enterprise organization rule that the flagged KPI mayviolate. Alternatively, if the team node determines that the flagged KPImight not violate the enterprise organization rules, then the pluralityof analysis guidelines may instruct the team node to identify theflagged KPI as non-threatening to the security of the enterpriseartifacts. In some instances, the team node might not be able todetermine whether the flagged KPI violates at least one enterpriseorganization rule (e.g., due to ambiguous language within the enterpriseorganization rule, due to a cross reference to an enterpriseorganization rule associated with a different team and/or department, orthe like). In such instances, the plurality of analysis guidelines mayinstruct the team node to identify the flagged KPI as potentiallythreatening to the security of the enterprise artifacts and to recommendthat the flagged KPI undergo manual analysis (e.g., by an agent on theteam and/or department that corresponds to the team node, or the like).Each team node of the plurality of team nodes may transmit thedetermination (e.g., that the flagged KPI violates at least oneenterprise organization rule, that the flagged KPI might not violate theenterprise organization rules, that it may be unclear whether theflagged KPI violates at least one enterprise organization rule, or thelike) to the smart contracts node.

If the smart contracts node determines that there is consensus among theplurality of team nodes (e.g., each team node of the plurality of teamnodes indicates that the flagged KPI may threaten the security of theenterprise artifacts, or the like), then the smart contracts node maytransmit the flagged KPI to digital twin engine 115. Digital twin engine115 may receive, from the smart contracts node, the flagged KPI. Digitaltwin engine 115 may determine whether at least one enterprise artifactprotection protocol that corresponds to the flagged KPI is stored onblockchain 114. Digital twin engine 115 may determine that blockchain114 might not contain at least one enterprise artifact protectionprotocol that corresponds to the flagged KPI. Digital twin engine 115may transmit the flagged KPI to enterprise organization computing device140 along with a notification indicating that blockchain 114 might notcontain an enterprise artifact protection protocol that addresses theflagged KPI. Digital twin engine 115 may further transmit, to enterpriseorganization computing device 140, a request for the flagged KPI to bemanually analyzed by a team and/or department within the enterpriseorganization.

Alternatively, digital twin engine 115 may determine that at least oneenterprise artifact protection protocol that corresponds to the flaggedKPI is stored on blockchain 114. Digital twin engine 115 may parse theflagged KPI and may retrieve, from blockchain 114 and based on theparsing, the at least one enterprise artifact protection protocol thatcorresponds to the flagged KPI. As described above, the at least oneenterprise artifact protection protocol may comprise a series ofinstructions which, when executed, may protect the enterprise artifactsfrom scenarios that may potentially threaten (e.g., impact, weaken, orthe like) the security of the enterprise artifacts. As such, whenexecuted, the enterprise artifact protection protocol may increaseand/or preserve the security of the enterprise artifacts. Digital twinengine 115 may identify at least one enterprise artifact protectionprotocol that corresponds to the flagged KPI (e.g., addresses at leastone scenario where the flagged KPI harms the security of the enterpriseartifacts, or the like). Digital twin engine 115 may generate a sampleimplementation of the at least one identified enterprise artifactprotection protocol.

To generate the at least one sample implementation, digital twin engine115 may locate and retrieve, from blockchain 114, code that correspondsto the sample implementation of the at least one enterprise artifactprotection protocol. Digital twin engine 115 may execute the code thatcorresponds to the sample implementation of the at least one enterpriseartifact protection protocol. In doing so, digital twin engine 115 mayillustrate how the enterprise artifacts may be protected from theflagged KPI (e.g., illustrate how changing the storage location of theenterprise artifacts may increase the level of security surrounding theenterprise artifacts, illustrate how transmitting an enterpriseorganization operation from a first location to a second location maypreserve the power supply associated with the first location, or thelike).

Digital twin engine 115 may transmit the sample implementation toblockchain 114. In some instances, digital twin engine 115 may transmitthe sample implementation to the smart contracts node of blockchain 114.

Digital twin engine 115 may receive, from blockchain 114 (e.g., from thesmart contracts node of blockchain 114, or the like) an indication of atleast one enterprise artifact protection protocol to be executed.Digital twin engine 115 may locate and retrieve, from blockchain 114,code that corresponds to the at least one enterprise artifact protectionprotocol elected by blockchain 114. Digital twin engine 115 may executethe code that corresponds to the at least one enterprise artifactprotection protocol elected by blockchain 114.

In some instances, digital twin engine 115 may be configured to transmitthe enterprise artifacts from a first location (e.g., from within theenterprise organization and/or the data center, or the like) to a secondlocation (e.g., a location that may be different from the location ofthe enterprise organization and/or the data center, or the like). To doso, the code executed by digital twin engine 115 may configure digitaltwin engine 115 to identify (e.g., from a list of predetermined, securelocations, or the like) the second location and to transmit, using aplurality of data packets, the enterprise artifacts. In some instances,each data packet of the plurality of data packets may comprise acomponent of the enterprise artifacts (e.g., a portion of enterpriseorganization data, a portion of an enterprise organization application,a portion of an enterprise organization operation, or the like). Digitaltwin engine 115 may transmit the plurality of data packets to the secondlocation (e.g., a second, secure data center, or the like) and mayinstruct at least one computing device at the second location toorganize the received data packets such that the received data packetsreflect the enterprise artifacts as they existed within the firstlocation.

In some instances, digital twin engine 115 may be configured toduplicate the enterprise artifacts and to transmit the duplications tothe second location. To do so, the code executed by digital twin engine115 may configure digital twin engine 115 to duplicate each data packetsuch that, when combined, the totality of (or a predetermined subset of)the duplicated data packets may comprise the totality of (or apredetermined subset of) the enterprise artifacts. Digital twin engine115 may further be configured to replicate each data packet and totransmit each replicated data packet to the second location. Digitaltwin engine 115 may transmit, to at least one computing device at thesecond location, instructions to organize the received replications ofthe data packets such that the replications of the data packets reflectthe enterprise artifacts (or the predetermined subset of the enterpriseartifacts) as they existed within the first location.

FIG. 2 depicts an illustrative example of decentralized P2P computersystem 120 that may be used for preserving, in real-time or nearreal-time, enterprise artifacts using digital twin technology andintelligent smart contracts, in accordance with one or more aspectsdescribed herein. Decentralized P2P computer system 200 may include aplurality of full node computing devices 210A, 210B, 210C, 210D, 210E,and 210F and lightweight node computing devices 250A and 250B, which maybe respectively similar to full node computing device 210 described inFIG. 3A and lightweight node computing device 250 described in FIG. 3B.While a particular number of full node computing devices and lightweightnode computing devices are depicted in FIG. 2 , it should be understoodthat a number of full node computing devices and/or lightweight nodecomputing devices greater or less than that of the depicted full nodecomputing devices and lightweight node computing devices may be includedin decentralized P2P computer system 200. Accordingly, any additionalfull node computing devices and/or lightweight node computing devicesmay respectively perform in the manner described below in regard to fullnode computing devices 210A-210F and lightweight node computing devices250A and 250B in decentralized P2P computer system 200.

Each of full node computing devices 210A-210F may operate in concert tocreate and maintain decentralized P2P network 270 of decentralized P2Pcomputer system 200. In creating decentralized P2P network 270 ofdecentralized P2P computer system 200, processors, ASIC devices, and/orgraphics processing units (e.g., GPUs) of each full node computingdevice 210A-210F may execute network protocols which may cause each fullnode computing device 210A-210F to form a communicative arrangement withthe other full node computing devices 210A-210F in decentralized P2Pcomputer system 200. Furthermore, the execution of network protocols bythe processors, ASIC devices, and/or graphics processing units (e.g.,GPUs) of full node computing devices 210A-210F may cause full nodecomputing devices 210A-210F to execute network functions related toblockchain 114 and thereby maintain decentralized P2P network 270. Thesmart contracts node of blockchain 114 may be one of full node computingdevices 210A-210F as the smart contracts node may cause functions to beexecuted within decentralized P2P computer system 200.

Lightweight node computing devices 250A and 250B may request executionof network functions related to blockchain 114 in decentralized P2Pnetwork 201. In order to request execution of network functions, such aselecting at least one enterprise artifact protection protocol based onat least one sample implementation, processors of lightweight nodecomputing devices 250A and 250B may execute network commands tobroadcast the network functions to decentralized P2P network 270comprising full node computing devices 210A-210F. Each node of theplurality of team nodes may be one of lightweight node computing devices250A or 250B (or additional lightweight node computing devices notpictured in FIG. 2 ) as each node of the plurality of team nodes maysubmit requests to elect at least one enterprise artifact protectionprotocol to decentralized P2P network 270.

In some arrangements, a plurality of network function requests may bebroadcasted across decentralized P2P network 270. Processors, ASICdevices, and/or GPUs of full node computing devices 210A-210F mayexecute network protocols to receive broadcasts of each of the networkfunctions through decentralized P2P network 270 and from the requestingentities, including lightweight node computing devices 250A and 250B.

FIG. 3A depicts an illustrative example of a full node computing device210 that may be used for preserving, in real-time or near real-time,enterprise artifacts using digital twin technology and intelligent smartcontracts, in accordance with one or more aspects described herein. Fullnode computing device 210 may be any of a personal computer, servercomputer, hand-held or laptop device, multiprocessor system,microprocessor-based system, set top box, programmable user electronicdevice, network personal computer, minicomputer, mainframe computer,distributed computing environment, virtual computing device, and thelike and may operate in a decentralized P2P network. In someembodiments, full node computing device 210 may be configured to operatein a decentralized P2P network and to request execution of networkfunctions, and/or to execute requested network functions and to maintaininter-nodal agreement as to the state of a blockchain of thedecentralized P2P network.

Full node computing device 210 may include one or more processors 211,which control overall operation, at least in part, of full nodecomputing device 210. Full node computing device 210 may further includerandom access memory (RAM) 213, read only memory (ROM) 214, networkinterface 212, input/output interfaces 215 (e.g., keyboard, mouse,display, printer), and memory 220. Input/output (I/O) 215 may include avariety of interface units and drives for reading, writing, displaying,and/or printing data or files. In some arrangements, full node computingdevice 210 may further comprise specialized hardware components such asapplication-specific integrated circuit (e.g., ASIC) devices 216 and/orgraphics processing units (e.g., GPUs) 217. Such specialized hardwarecomponents may be used by full node computing device 210 in performingone or more of the processes involved in the execution of requestednetwork functions and maintenance of inter-nodal agreement as to thestate of a blockchain. Full node computing device 210 may further storein memory 220 operating system software for controlling overalloperation of the full node computing device 210, control logic forinstructing full node computing device 210 to perform aspects describedherein, and other application software providing secondary support,and/or other functionality which may or might not be used in conjunctionwith aspects described herein.

Memory 220 may also store data and/or computer executable instructionsused in performance of one or more aspects described herein. Forexample, memory 220 may store digital signature information 221 and oneor more hash functions 222, consensus algorithms 223, network protocols224, and network commands 225. In some arrangements, digital signatureinformation 221, hash functions 222, and/or network commands 225 maycomprise a wallet of full node computing device 210. Memory 220 mayfurther store blockchain 114. Each of digital signature information 221,hash functions 222, consensus algorithms 223, network protocols 224, andnetwork commands 225 may be used and/or executed by one or moreprocessors 211, ASIC devices 216, and/or GPUs 217 of full node computingdevice 210 to create and maintain a decentralized P2P network, requestexecution of network functions, and/or execute requested networkfunctions and maintain inter-nodal agreement as to the state ofblockchain 114.

In order to request execution of network functions, such as a request toelect at least one enterprise artifact protection protocol, processors211, ASIC devices 216, and/or GPUs 217 of full node computing device 210may execute network commands 225 to broadcast the network function to adecentralized P2P network comprising a plurality of full nodes and/orlightweight nodes. The request may be digitally signed by full nodecomputing device 210 with usage of the private/public key informationand through execution of the digital signature algorithms of digitalsignature information 221. In order to execute requested networkfunctions and maintain inter-nodal agreement as to the state of ablockchain, processors 211, ASIC devices 216, and/or GPUs 217 of fullnode computing device 210 may execute network protocols 224 to receive abroadcast of a requested network function through a decentralized P2Pnetwork and from a requesting entity such as a full node or lightweightnode.

Memory 220 of full node computing device 210 may store blockchain 114.Blockchain 114 may include blocks 227A, 227B, 227C, . . . 227 n, whereinblock 227A represents the first block (e.g., genesis block) ofblockchain 114 and block 227 n represents the most immediate block ofblockchain 114. As such, the blockchain 114, which may be a replica orcopy of the blockchain of the decentralized P2P network in which fullnode computing device 210 operates, may be a full or complete copy ofthe blockchain of the decentralized P2P network. Each of the blockswithin blockchain 114 may include information corresponding to the oneor more network functions executed by the decentralized P2P network. Assuch, blockchain 114 as stored in memory 220 of full node computingdevice 210 may comprise the totality of network functions executed bythe decentralized network.

FIG. 3B depicts an illustrative example of a lightweight node computingdevice 250 that may be used for preserving, in real-time or nearreal-time, enterprise artifacts using digital twin technology andintelligent smart contracts, in accordance with one or more aspectsdescribed herein. Lightweight node computing device 250 may be any of apersonal computer, server computer, hand-held or laptop device,multiprocessor system, microprocessor-based system, set top box,programmable user electronic device, network personal computer,minicomputer, mainframe computer, distributed computing environment,virtual computing device, or the like, and may operate in adecentralized P2P network. In some embodiments, lightweight nodecomputing device 250 may operate in a decentralized P2P network and maybe configured to request execution of network functions through thedecentralized P2P network. As such, lightweight node computing device250 may be different from full node computing device 210 in that itmight not be configured to execute network functions and/or to maintaina blockchain of a decentralized P2P network. In other aspects,lightweight node computing device 250 may have substantially the samephysical configuration as full node computing device 210, but may beconfigured with different programs and/or software.

Lightweight node computing device 250 may include one or more processors251, which control overall operation of lightweight node computingdevice 250. Lightweight node computing device 250 may further includerandom access memory (RAM) 253, read only memory (ROM) 254, networkinterface 252, input/output interfaces 255 (e.g., keyboard, mouse,display, printer), and memory 260. Input/output (I/O) 255 may include avariety of interface units and drives for reading, writing, displaying,and/or printing data or files. Lightweight node computing device 250 maystore in memory 260 operating system software for controlling overalloperation of the lightweight node computing device 250, control logicfor instructing lightweight node computing device 250 to perform aspectsdescribed herein, and other application software providing secondarysupport and/or other functionality, which may or might not be used inconjunction with aspects described herein.

In comparison to full node computing device 210, lightweight nodecomputing device 250 might not include, in some instances, specializedhardware such as ASIC devices 216 and/or GPUs 217. This may be becauselightweight node computing device 250 might not be configured to executenetwork functions and/or to maintain a blockchain of a decentralized P2Pnetwork as is full node computing device 210.

Memory 260 of lightweight node computing device 250 may store dataand/or computer executable instructions used in performance of one ormore aspects described herein. For example, memory 260 may store digitalsignature information 261 and one or more hash functions 222 and networkcommands 225. In some arrangements, digital signature information 261,hash functions 222, and/or network commands 225 may comprise a wallet oflightweight node computing device 250. Each of hash functions 222 andnetwork commands 225 stored in memory 260 of lightweight node computingdevice 250 may be respectively similar and/or identical to hashfunctions 222 and/or network commands 225 stored in memory 220 of fullnode computing device 210. Each of digital signature information 261stored in memory 260 of lightweight node computing device 250 anddigital signature information 221 stored in memory 220 of full nodecomputing device 210 may comprise similar and/or identical digitalsignature algorithms. However, the private/public key information ofdigital signature information 261 stored in memory 260 of lightweightnode computing device 250 may be different from that of theprivate/public key information of digital signature information 221stored in memory 220 of full node computing device 210. Theprivate/public key information of each node, whether full orlightweight, in a decentralized P2P computing network may be unique tothat particular node.

Each of digital signature information 261, hash functions 222, andnetwork commands 225 may be used and/or executed by one or moreprocessors 251 of lightweight node computing device 250 to requestexecution of network functions in a decentralized P2P network. Forexample, in order to request execution of network functions, such as arequest to elect at least one enterprise artifact protection protocol,processors 251 of lightweight node computing device 250 may executenetwork commands 225 to broadcast the network function to adecentralized P2P network comprising a plurality of full nodes and/orlightweight nodes. The request may be digitally signed by lightweightnode computing device 250 with usage of the private/public keyinformation and through execution of the digital signature algorithms ofdigital signature information 261.

Memory 260 of lightweight node computing device 250 may store blockchain114. Blockchain 114 stored in memory 260 of lightweight node computingdevice 250 may include at least block 227 n, wherein block 227 nrepresents the most immediate block of blockchain 114. As such,blockchain 114, which may be a replica or copy of the blockchain of thedecentralized P2P network in which lightweight node computing device 250operates, may be a partial or incomplete copy of the blockchain of thedecentralized P2P network. In some instances, however, blockchain 114may include blocks 227A, 227B, 227C, . . . 227 n, wherein block 227Arepresents the first block (e.g., genesis block) of blockchain 114 andblock 227 n represents the most immediate block of blockchain 114. Assuch, the blockchain 114 may be a full or complete copy of theblockchain of the decentralized P2P network. Each of the blocks withinblockchain 114 may include information corresponding to the one or morenetwork functions executed by the decentralized P2P network.

Preserving Enterprise Artifacts Using Digital Twin Technology andIntelligent Smart Contracts

FIGS. 4A-4G depict an illustrative event sequence for preserving, inreal-time or near real-time, enterprise artifacts using digital twintechnology and intelligent smarts contracts, in accordance with one ormore aspects described herein. While aspects described with respect toFIG. 4A to FIG. 5B include the evaluation of a single stream of internaldata and a single stream of external data, a plurality of streams ofinternal data and a plurality and stream of external data may bereceived and evaluated (e.g., in parallel) without departing from thepresent disclosure.

Referring to FIG. 4A, at step 401, external computing device 120 maycontinuously monitor real-world conditions (e.g., conditions thatdescribe an environment surrounding an enterprise organization,conditions that describe an environment surrounding a data center, orthe like). External computing device 120 may be configured to receive astream of external data (e.g., local weather reports, natural disastertracking, international news reports on resource shortages, domesticnews reports on events occurring in a particular location, or the like)that corresponds to at least one of the geographic location of theenterprise organization or the geographic location of the data center.

At step 402, external computing device 120 may transmit the externaldata to data filtration and aggregation engine 111. At step 403, datafiltration and aggregation engine 111 may receive the external data fromexternal computing device 120 and may store the external data foradditional processing, as discussed below.

At step 404, internal computing device 130 may continuously monitorconditions within the enterprise organization and/or within the datacenter. Internal computing device 130 may be configured to receive astream of internal data (e.g., current CPU capacity, maximum CPUcapacity, current load usage, maximum load capacity, system powerlevels, or the like) that may describe at least one internal conditionthat may correspond to the enterprise organization and/or may correspondto the data center.

At step 405, internal computing device 130 may transmit the internaldata to data filtration and aggregation engine 111. At step 406, datafiltration and aggregation engine 111 may receive the internal data frominternal computing device 130 and may store the internal data foradditional processing, as discussed below.

At step 407, data filtration and aggregation engine 111 may filter thereceived data into separate groups based on whether the data correspondsto a stream of external data or a stream of internal data. Datafiltration and aggregation engine 111 may aggregate the streams ofexternal data into an external data group and may aggregate the streamsof internal data into an internal data group. Within the external datagroup, data filtration and aggregation engine 111 may parse each pieceof external data to identify at least one data type and at least onedata value that may correspond to the piece of external data. Theidentified data type may describe the corresponding data stream. Forexample, a data stream containing a weather report on an incoming hailstorm may correspond to the data type “HAIL_STORM_ESSEXCTY,NJ,” whereinESSEXCTY,NJ may indicate that the location of hail storm is EssexCounty, New Jersey. The identified data value may describe the data typeand/or data stream. For example, a data value that corresponds to“HAIL_STORM_ESSEXCTY,NJ” may be “HAIL_2INCHES,” wherein the 2INCHES mayindicate an approximate size of the incoming hail.

Similarly, within the internal data group, data filtration andaggregation engine 111 may parse each piece of internal data to identifyat least one data type and at least one data value that may correspondto the piece of internal data. The identified data type may describe thecorresponding data stream. For example, a data stream containing acurrent power supply level within a first data center may correspond tothe data type “DATA_CENTER1_POWER.” The identified data value maydescribe the data type and/or data stream. For example, a data valuethat corresponds to “DATA_CENTER1_POWER” may be “90%.”

Referring to FIG. 4B, at step 408, data filtration and aggregationengine 111 may generate a data structure to store each piece of externaldata and each piece of internal data. Data filtration and aggregationengine 111 may store each piece of external data and each piece ofinternal data within the data structure based on the previouslyidentified data types (e.g., based on the stream to which each piece ofdata corresponds, or the like) and based on the previously identifieddata values that correspond to the previously identified data types. Thedata structure may indicate the plurality of data types and, as such,data filtration and aggregation engine 111 may use the plurality of datatypes to populate the data structure (e.g., match at least onepreviously identified data type to at least one data type indicated inthe data structure and store each piece of external data (or each pieceof internal data) based on the matching data types, or the like).

In some instances, data filtration and aggregation engine 111 maydetermine that at least one piece of external data or at least one pieceof internal data might not correspond to the plurality of data typesidentified in the data structure. As such, data filtration andaggregation engine 111 may identify at least one additional data typethat may correspond to the at least one piece of external data or the atleast one piece of internal data, and may store the at least one pieceof external data or the at least one piece of internal data in the datastructure based on the at least one additional data type.

In some instances, data filtration and aggregation engine 111 maygenerate a portion of the data structure using the external data and theinternal data. As such, data filtration and aggregation engine 111 may,upon filtering and aggregating new streams of data, add the newlyfiltered and aggregated data to the existing data structure bygenerating an additional portion of the existing data structure and byadding the additional portion to the existing data structure.

At step 409, data filtration and aggregation engine 111 may store thedata structure and/or the portion of the data structure withinaggregated data database 112. Upon receipt of an additional portion ofthe existing data structure, aggregated data database 112 may flag thepreviously received portions of the data structure as historic data(e.g., historic external data, historic internal data, or the like). Insome instances, upon receipt of a new data structure, aggregated datadatabase 112 may flag the previously receive data structures as historicdata (e.g., historic external data, historic internal data, or thelike). The historic external data may comprise external data that waspreviously analyzed and processed using the features and methodsdescribed herein. Similarly, the historic internal data may compriseinternal data that was previously analyzed and processed using thefeatures and methods described herein.

At step 410, critical event prediction engine 113 may retrieve, fromaggregated data database 112, the data structure(s) and/or portions ofthe data structure, the historic external data, and the historicinternal data. Critical event prediction engine 113 may identify thecurrent external data, the current internal data, the historic externaldata, and the historic internal data. In some instances, critical eventprediction engine 113 may identify the historic external data and thehistoric internal data based on whether the external data and/or theinternal data was flagged, by aggregated data database 112, as historicexternal data and/or historic internal data.

At step 411, critical event prediction engine 113 may compare theexternal data (or the internal data) to the historic external data (orthe historic internal data). Critical event prediction engine 113 may,using the data structure(s) and/or the portion of the data structure,compare the plurality of data types associated with the historicexternal data (or the historic internal data) to the plurality of datatypes associated with the external data (or the internal data).

Referring to FIG. 4C, at step 412, critical event prediction engine 113may determine, based on the previously described comparison, whether theexternal data (or the internal data) may be consistent with (e.g.,correspond to, match, be similar to, or the like) the historicalexternal data (or the historical internal data). If, at step 412,critical event prediction engine 113 determines that the external data(or the internal data) is consistent with the historical external data(or the historical internal data), then, at step 413 a, critical eventprediction engine 113 may continue analyzing the remaining external data(or the remaining internal data). In some instances, critical eventprediction engine 113 may determine that the external data (or theinternal data) might not have been previously received (e.g., theremight not be historic external data (or historic internal data) to whichcritical event prediction engine 113 may compare the current externaldata (or the current internal data), or the like). As such, criticalevent prediction engine 113 may terminate analysis on the external data(or the internal data) that might not have been previously received andmay analyze the remaining external data (or the remaining internaldata).

In some instances, critical event prediction engine 113 may determinethat at least one data type associated with the external data (or theinternal data) may correspond to (e.g., match, be similar to, or thelike) at least one data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may compare the data value that corresponds to the data type associatedwith the external data (or the internal data) to the data value thatcorresponds to the data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may determine whether the data value that corresponds to the data typeassociated with the external data (or the internal data) is consistentwith (e.g., matches, is within a predetermined range, or the like) thedata value that corresponds to the data type associated with thehistoric external data (or the historic internal data). In someinstances, critical event prediction engine 113 may determine that thedata values are consistent (e.g., match, are within the predeterminedrange, or the like). As such, critical event prediction engine 113 mightnot flag the data value that corresponds to the data type associatedwith the external data (or the internal data). Critical event predictionengine 113 may analyze the remaining external data (or the remaininginternal data), if any.

Alternatively, if, at step 412, critical event prediction engine 113determines that the external data (or the internal data) might not beconsistent with the historical external data (or the historical internaldata), then, at step 413 b, critical event prediction engine 113 mayidentify the inconsistency between the data value that corresponds tothe data type associated with the external data (or the internal data)and the data value that corresponds to the data type associated with thehistorical external data (or the historical internal data). Criticalevent prediction engine 113 may identify the inconsistency using a keyperformance indicator (KPI). The KPI may specify a feature (e.g.,measurement, parameter, or the like) of the data type that correspondsto the external data (or the internal data) that may be different fromthe same KPI (e.g., measurement, parameter, or the like) of the datatype that corresponds to the historic external data (or the historicinternal data). Critical event prediction engine 113 may flag the KPIthat identifies the inconsistency between the data value thatcorresponds to the data type associated with the external data (or theinternal data) and the data value that corresponds to the data typeassociated with the historic external data (or the historic internaldata).

Referring to FIG. 4D, at step 414, critical event prediction engine 113may transmit, to blockchain 114, the at least one flagged KPI, the datatype and data value that correspond to the external data (or theinternal data), and the data type and data value that correspond to thehistoric external data (or the historic internal data). At step 415,blockchain 114 may receive the at least one flagged KPI, the data typeand data value that correspond to the external data (or the internaldata), and the data type and data value that correspond to the historicexternal data (or the historic internal data). In particular, the smartcontracts node on blockchain 114 may receive the at least one flaggedKPI, the data type and data value that correspond to the external data(or the internal data), and the data type and data value that correspondto the historic external data (or the historic internal data), and maystore the received data in data blocks on the blockchain.

At step 416, enterprise organization computing device 140 may generate aplurality of analysis guidelines. Each team node, of the plurality ofteam nodes on blockchain 114, may use the plurality of analysisguidelines to determine whether a flagged KPI may threaten the securityof the enterprise artifacts. In some instances, the plurality ofanalysis guidelines may instruct each team node to review enterpriseorganization rules specific to the particular team and/or departmentwithin the enterprise organization. The plurality of analysis guidelinesmay instruct each team node to compare the flagged KPI to the enterpriseorganization rules specific to the particular team and/or department todetermine whether the flagged KPI violates at least one enterpriseorganization rule. If the team node determines that the flagged KPIviolates at least one enterprise organization rule, then the pluralityof analysis guidelines may instruct the team node to identify theflagged KPI as a potential threat to the security of the enterpriseartifacts. The plurality of analysis guidelines may further instruct theteam node to identify the at least one enterprise organization rule thatthe flagged KPI may violate. Alternatively, if the team node determinesthat the flagged KPI might not violate the enterprise organizationrules, then the plurality of analysis guidelines may instruct the teamnode to identify the flagged KPI as non-threatening to the security ofthe enterprise artifacts. In some instances, the team node might not beable to determine whether the flagged KPI violates at least oneenterprise organization rule (e.g., due to ambiguities within the atleast one enterprise organization rule, due to a cross reference to atleast one enterprise organization rule associated with a differentand/or additional team and/or department within the enterpriseorganization, or the like). In such instances, the plurality of analysisguidelines may instruct the team node to identify the flagged KPI aspotentially threatening to the security of the enterprise artifacts andto recommend that the flagged KPI undergo manual analysis (e.g., by anagent on the team and/or department that corresponds to the team node).

Enterprise organization computing device 140 may further be configuredto generate a plurality of enterprise artifact protection protocols. Anenterprise artifact protection protocol may comprise a series ofinstructions which, when executed, may protect the enterprise artifactsfrom scenarios that may potentially threaten (e.g., impact, weaken, orthe like) the security of the enterprise artifacts. As such, whenexecuted, the enterprise artifact protection protocols may increaseand/or preserve the security of the enterprise artifacts.

To generate the plurality of enterprise artifact protection protocols,enterprise organization computing device 140 may predict a plurality ofevents that may threaten the security of the enterprise artifacts (e.g.,a power outage at the data center due to an ice storm, CPU usage withinthe enterprise organization approaching maximum CPU capacity, or thelike). To predict the plurality of events that may threaten the securityof the enterprise artifacts, enterprise organization computing device140 may analyze the historic external data and the historic internaldata (e.g., external data and internal data that was previously receivedand processed using the features described herein, or the like).Enterprise organization computing device 140 may determinecountermeasures that, when executed, may protect the enterpriseartifacts and may use the countermeasures to generate the plurality ofenterprise artifact protection protocols. Enterprise organizationcomputing device 140 may draft code, using at least one programminglanguage, that, when executed, may initiate the corresponding enterpriseartifact protection protocol. In some instances, enterprise organizationcomputing device 140 may draft code, using at least one programminglanguage, that corresponds to a sample implementation of at least oneenterprise artifact protection protocol (e.g., a sample implementationof a feature of at least one enterprise artifact protection protocol, orthe like) and that, when executed, may initiate the corresponding sampleimplementation of the enterprise artifact protection protocol.

At step 417, enterprise organization computing device 140 may transmitthe plurality of analysis guidelines and the plurality of enterpriseartifact protection protocols to blockchain 114. At step 418, blockchain114 (e.g., the smart contracts node on blockchain 114) may store eachanalysis guideline, of the plurality of analysis guidelines, within adifferent data block of a plurality of data blocks on blockchain 114.Similarly, blockchain 114 (e.g., the smart contracts node on blockchain114) may store each enterprise artifact protection protocol, of theplurality of enterprise artifact protection protocols, within adifferent data block of the plurality of data blocks on blockchain 114.

In some instances, enterprise organization computing device 140 maymodify an existing analysis guideline and/or an existing enterpriseartifact protection protocol. Enterprise organization computing device140 may transmit the modifications to blockchain 114 and may instructblockchain 114 (e.g., the smart contracts node on blockchain 114) tostore each modification within a different data block of the pluralityof data blocks on blockchain 114. Enterprise organization computingdevice 140 may further instruct blockchain 114 to execute the modifiedanalysis guidelines and/or the modified enterprise artifact protectionprotocol (e.g., as opposed to the original analysis guideline and/or theoriginal enterprise artifact protection protocol).

At step 419, the smart contracts node on blockchain 114 may use the atleast one flagged KPI, the data type and data value that correspond tothe external data (or the internal data), and the data type and datavalue that correspond to the historic external data (or the historicinternal data) to determine a critical value for each of the at leastone flagged KPIs. The critical value that corresponds to the flagged KPImay indicate a predicted degree of whether and/or how much the flaggedKPI may threaten (e.g., harm, weaken, or the like) the security of theenterprise artifacts. The critical value may be within a predeterminedrange (e.g., a scale from 0.0 to 10.0). A critical value may beassociated with a first level critical value if the critical value iscloser to 0.0. A critical value that may be associated with the firstlevel critical value may indicate that the corresponding flagged KPImight not pose a threat to the security of the enterprise artifacts.Alternatively, a critical value may be associated with a second levelcritical value if the critical value is closer 10.0. A critical valuethat may be associated with the second level critical value may indicatethat the corresponding flagged KPI may pose a threat to the security ofthe enterprise artifacts.

To determine the critical value that corresponds to the flagged KPI, thesmart contracts node may consider a plurality of conditions that maypredict the degree of impact that the flagged KPI may inflict upon theenterprise organization and/or the data center and, by extension, thesecurity of the enterprise artifacts. In some instances, the smartcontracts node may consider the urgency of the flagged KPI (e.g., apredicted amount of time remaining before a natural disaster causes theenterprise organization and/or the data center to experience powerfailure, or the like), the current state of the flagged KPI (e.g.,whether the enterprise organization and/or the data center commencedpower failure recovery procedures, or the like), the predicted wind downperiod of the flagged KPI (e.g., a predicted amount of time until thecompletion of an enterprise operation that may overload the current CPUcapacity, or the like), and/or the likelihood of the flagged KPI passing(e.g., a likelihood of a tornado's path turning away from the enterpriseorganization and/or the data center, or the like).

Referring to FIG. 4E, at step 420, the smart contracts node onblockchain 114 may distribute the at least one flagged KPI and thecritical values that correspond to the at least one flagged KPI to theplurality of team nodes on blockchain 114. At step 421, the plurality ofteam nodes on blockchain 114 may receive, from the smart contracts node,the at least one flagged KPI and the critical value associated with eachflagged KPI. Each team node of the plurality of team nodes may use theplurality of analysis guidelines, received by blockchain 114 and fromenterprise organization computing device 140, to determine whether theflagged KPI may threaten the security of the enterprise artifacts. To doso, in some instances, the plurality of analysis guidelines may instructeach team node to review the enterprise organization rules specific tothe particular team and/or department within the enterpriseorganization. The plurality of analysis guidelines may instruct eachteam node to compare the flagged KPI to the enterprise organizationrules specific to the particular team and/or department to determinewhether the flagged KPI may violate at least one enterprise organizationrule.

If the team node determines that the flagged KPI may violate at leastone enterprise organization rule, then the plurality of analysisguidelines may instruct the team node to identify the flagged KPI as apotential threat to the security of the enterprise artifacts. Theplurality of analysis guidelines may further instruct the team node toidentify the at least one enterprise organization rule that the flaggedKPI may violate. Alternatively, if the team node determines that theflagged KPI might not violate the enterprise organization rules, thenthe plurality of analysis guidelines may instruct the team node toidentify the flagged KPI as non-threatening to the security of theenterprise artifacts. In some instances, the team node might not be ableto determine whether the flagged KPI may violate at least one enterpriseorganization rule (e.g., due to ambiguous language within the enterpriseorganization rule, due to a cross reference to at least one enterpriseorganization rule associated with a different team and/or department, orthe like). In such instances, the plurality of analysis guidelines mayinstruct the team node to identify the flagged KPI as potentiallythreatening to the security of the enterprise artifacts and to recommendthat the flagged KPI undergo manual analysis (e.g., by an agent on theteam and/or department that corresponds to the team node, or the like).Each team node of the plurality of team nodes may transmit thedetermination (e.g., that the flagged KPI violates at least oneenterprise organization rule, that the flagged KPI might not violate theenterprise organization rules, that it may be unclear whether theflagged KPI violates at least one enterprise organization rule, or thelike) to the smart contracts node.

At step 422 a, the smart contracts node may receive, from at least oneteam node of the plurality of team nodes, an indication that the flaggedKPI might not threaten the security of the enterprise artifacts and mayreceive, from at least one different team node of the plurality of teamnodes, an indication that the flagged KPI may threaten the security ofthe enterprise artifacts (e.g., there might not be consensus among theteam nodes, or the like). In such instances, the smart contracts nodemay transmit the flagged KPI and the critical value associated with theflagged KPI to enterprise organization computing device 140. The smartcontracts node may also transmit, to enterprise organization computingdevice 140, instructions to manually analyze the flagged KPI and thecritical value associated with the flagged KPI.

Alternatively, referring to FIG. 4F and at step 422 b, the smartcontracts node may receive, from each team node of the plurality of teamnodes, an indication that the flagged KPI may threaten the security ofthe enterprise artifacts (e.g., there may be consensus among the teamnodes that the flagged KPI may threaten the security of the enterpriseartifacts). The smart contracts node may transmit the flagged KPI todigital twin engine 115.

At step 423, digital twin engine 115 may parse the flagged KPI and maydetermine whether at least one enterprise artifact protection protocolthat corresponds to the flagged KPI is stored in blockchain 114. If, atstep 423, digital twin engine 115 determines that blockchain 114 mightnot contain at least one enterprise artifact protection protocol thatcorresponds to the flagged KPI, then, at step 424 a, digital twin engine115 may transmit the flagged KPI to enterprise organization computingdevice 140 along with a notification indicating that blockchain 114might not contain an enterprise artifact protection protocol thataddresses the flagged KPI. Digital twin engine 115 may further transmit,to enterprise organization computing device 140, a request for theflagged KPI to be manually analyzed by a team and/or department withinthe enterprise organization.

Alternatively, if, at step 423, digital twin engine 115 determines thatat least one enterprise artifact protection protocol that corresponds tothe flagged KPI is stored on blockchain 114, then, referring to FIG. 4Gand at step 424 b, digital twin engine 115 may parse the flagged KPI andmay retrieve, from blockchain 114 and based on the parsing, the at leastone enterprise artifact protection protocol that corresponds to theflagged KPI. The at least one enterprise artifact protection protocolmay comprise a series of instructions which, when executed, may protectthe enterprise artifacts from scenarios (e.g., from the flagged KPI, orthe like) that may potentially threaten (e.g., impact, weaken, or thelike) the security of the enterprise artifacts. As such, when executed,the enterprise artifact protection protocol may increase and/or preservethe security of the enterprise artifacts.

At step 425, digital twin engine 115 may identify at least oneenterprise artifact protection protocol that corresponds to the flaggedKPI (e.g., addresses at least one scenario where the flagged KPI harmsthe security of the enterprise artifacts, or the like). Digital twinengine 115 may generate a sample implementation of the at least oneidentified enterprise artifact protection protocol. To generate thesample implementation, digital twin engine 115 may locate and retrieve,from blockchain 114, code that corresponds to the sample implementationof at least one feature of the at least one enterprise artifactprotection protocol. Digital twin engine 115 may execute the code thatcorresponds to the sample implementation of the at least one feature ofthe at least one enterprise artifact protection protocol. In doing so,digital twin engine 115 may illustrate how the enterprise artifacts maybe protected from the flagged KPI (e.g., illustrate how changing thestorage location of the enterprise artifacts may increase the level ofsecurity surrounding the enterprise artifacts, illustrate howtransmitting an enterprise organization operation from a first locationto a second location may preserve the power supply associated with thefirst location, or the like). Digital twin engine 115 may transmit thesample implementation to blockchain 114. In some instances, digital twinengine 115 may transmit the sample implementation to the smart contractsnode of blockchain 114.

At step 426, the smart contracts node on blockchain 114 may receive,from digital twin engine 115, at least one sample implementation of atleast one feature of at least one enterprise artifact protectionprotocol. The smart contracts node may analyze each sampleimplementation and may elect an enterprise artifact protection protocol,which may be used to safeguard the enterprise artifacts from the flaggedKPI. In some instances, the smart contracts node on blockchain 114 maybe configured to elect (e.g., automatically, or the like) at least oneenterprise artifact protection protocol based on considering a pluralityof conditions. In some instances, the smart contracts node may considerwhether electing a particular enterprise artifact protection protocolmay jeopardize (e.g., negatively affect, or the like) at least oneenterprise artifact (e.g., if transmitting a first enterpriseorganization operation from a first data center to a second data centermay interrupt a second enterprise organization operation, then do notelect the enterprise artifact protection protocol that may transmit thefirst enterprise organization operation from the first data center tothe second data center, or the like). In some instances, the smartcontracts node may consider whether electing a particular enterpriseartifact protection protocol may further threaten the security of theenterprise artifacts (e.g., if initiating a back-up power sequence mayoverload the current power supply capacity within the enterpriseorganization, then do not elect the enterprise artifact protectionprotocol that may initiate the back-up power sequence as that may causethe enterprise organization to experience power failure, or the like).In some instances, the smart contracts node may determine whether aparticular enterprise artifact protection protocol should be electedbased on present conditions and known dangers (e.g., when the locationof a first data center is likely to experience high winds from anincoming hurricane, elect at least one enterprise artifact protectionprotocol that may replicate the enterprise artifacts and transmit thereplicated enterprise artifacts to a second data center since the firstdata center has, historically, been unable to maintain a steady powersupply during hurricane-like winds, or the like). The smart contractsnode may, based on the analysis, elect at least one enterprise artifactprotection protocol.

At step 427, blockchain 114 (e.g., the smart contracts node onblockchain 114) may transmit, to digital twin engine 115, a notificationindicating the at least one elected enterprise artifact protectionprotocol. The smart contracts node may further transmit, to digital twinengine 115, instructions to execute the at least one elected enterpriseartifact protection protocol.

At step 428, digital twin engine 115 may receive, from the smartcontracts node on the blockchain, an indication of at least oneenterprise artifact protection protocol to be executed. Digital twinengine 115 may locate and retrieve, from blockchain 114, code thatcorresponds to the at least one enterprise artifact protection protocolelected by blockchain 114. Digital twin engine 115 may execute the codethat corresponds to the at least one enterprise artifact protectionprotocol elected by blockchain 114.

In some instances, digital twin engine 115 may be configured to transmitthe enterprise artifacts from a first location (e.g., from within theenterprise organization and/or the data center, or the like) to a secondlocation (e.g., a location that may be different from the location ofthe enterprise organization and/or the data center, or the like). To doso, the code executed by digital twin engine 115 may configure digitaltwin engine 115 to identify (e.g., from a list of predetermined, securelocations, or the like) the second location and to transmit, using aplurality of data packets, the enterprise artifacts. In some instances,each data packet of the plurality of data packets may comprise acomponent of the enterprise artifacts (e.g., a portion of enterpriseorganization data, a portion of an enterprise organization application,a portion of an enterprise organization operation, or the like). Digitaltwin engine 115 may transmit the plurality of data packets to the secondlocation (e.g., a second, secure data center, or the like) and mayinstruct at least one computing device at the second location toorganize the received data packets such that the received data packetsreflect the enterprise artifacts as they existed within the firstlocation.

In some instances, digital twin engine 115 may be configured toduplicate the enterprise artifacts and to transmit the duplications tothe second location. To do so, the code executed by digital twin engine115 may configure digital twin engine 115 to duplicate each data packetsuch that, when combined, the totality of (or a predetermined subset of)the duplicated data packets may comprise the totality of (or apredetermined subset of) the enterprise artifacts. Digital twin engine115 may further be configured to replicate each data packet and totransmit each replicated data packet to the second location. Digitaltwin engine 115 may transmit, to at least one computing device at thesecond location, instructions to organize the received replications ofthe data packets such that the organization of the replications of thedata packets reflect the enterprise artifacts (or the predeterminedsubset of the enterprise artifacts) as they existed within the firstlocation.

FIGS. 5A-5B depicts a flow diagram illustrating one example method forpreserving, in real-time or near real-time, enterprise artifacts usingdigital twin technology and intelligent smart contracts, in accordancewith one or more aspects described herein. The processes illustrated inFIGS. 5A-5B are merely sample processes and functions. The steps shownmay be performed in the order shown, in a different order, more stepsmay be added, or one or more steps may be omitted, without departingfrom the disclosure. In some examples, one or more steps may beperformed simultaneously with other steps shown and described. Further,one or more steps described with respect to FIGS. 5A-5B may be performedin real-time or near real-time.

Referring to FIG. 5A, at step 501, external computing device 120 maycontinuously monitor real-world conditions (e.g., conditions thatdescribe an environment surrounding an enterprise organization,conditions that describe an environment surrounding a data center, orthe like). External computing device 120 may be configured to receive astream of external data (e.g., local weather reports, natural disastertracking, international news reports on resource shortages, domesticnews reports on events occurring in a particular location, or the like)that corresponds to at least one of the geographic location of theenterprise organization or the geographic location of the data center.

At step 502, external computing device 120 may transmit the externaldata to data filtration and aggregation engine 111.

At step 503, data filtration and aggregation engine 111 may receive andstore the external data for additional processing, as discussed below.

At step 504, internal computing device 130 may continuously monitorconditions within the enterprise organization and/or within the datacenter. Internal computing device 130 may be configured to receive astream of internal data (e.g., current CPU capacity, maximum CPUcapacity, current load usage, maximum load capacity, system powerlevels, or the like) that may describe at least one internal conditionthat may correspond to the enterprise organization and/or may correspondto the data center.

At step 505, internal computing device 130 may transmit the internaldata to data filtration and aggregation engine 111.

At step 506, data filtration and aggregation engine 111 may receive andstore the internal data for additional processing, as discussed below.

At step 507, data filtration and aggregation engine 111 may filter thereceived data into separate groups based on whether the data correspondsto a stream of external data or a stream of internal data. Datafiltration and aggregation engine 111 may aggregate the streams ofexternal data into an external data group and may aggregate the streamsof internal data into an internal data group. Within the external datagroup, data filtration and aggregation engine 111 may parse each pieceof external data to identify at least one data type and at least onedata value that may correspond to the piece of external data. Theidentified data type may describe the corresponding data stream. Theidentified data value may describe the data type and/or data stream.

Similarly, within the internal data group, data filtration andaggregation engine 111 may parse each piece of internal data to identifyat least one data type and at least one data value that may correspondto the piece of internal data. The identified data type may describe thecorresponding data stream. The identified data value may describe thedata type and/or data stream.

At step 508, data filtration and aggregation engine 111 may generate adata structure to store each piece of external data and each piece ofinternal data. Data filtration and aggregation engine 111 may store eachpiece of external data and each piece of internal data within the datastructure based on the previously identified data types (e.g., based onthe stream to which each piece of data corresponds, or the like) andbased on the previously identified data values that correspond to thepreviously identified data types. The data structure may indicate theplurality of data types and, as such, data filtration and aggregationengine 111 may use the plurality of data types to populate the datastructure (e.g., match at least one previously identified data type toat least one data type indicated in the data structure and store eachpiece of external data (or each piece of internal data) based on thematching data types, or the like).

In some instances, data filtration and aggregation engine 111 maydetermine that at least one piece of external data or at least one pieceof internal data might not correspond to the plurality of data typesidentified in the data structure. As such, data filtration andaggregation engine 111 may identify at least one additional data typethat may correspond to the at least one piece of external data or the atleast one piece of internal data, and may store the at least one pieceof external data or the at least one piece of internal data in the datastructure based on the at least one additional data type.

In some instances, data filtration and aggregation engine 111 maygenerate a portion of the data structure using the external data and theinternal data. As such, data filtration and aggregation engine 111 may,upon filtering and aggregating new streams of data, add the newlyfiltered and aggregated data to the existing data structure bygenerating an additional portion of the existing data structure and byadding the additional portion to the existing data structure.

At step 509, data filtration and aggregation engine 111 may store thedata structure and/or the portion of the data structure withinaggregated data database 112. Upon receipt of an additional portion ofthe existing data structure, aggregated data database 112 may flag thepreviously received portions of the data structure as historic data(e.g., historic external data, historic internal data, or the like). Insome instances, upon receipt of a new data structure, aggregated datadatabase 112 may flag the previously receive data structures as historicdata (e.g., historic external data, historic internal data, or thelike). The historic external data may comprise external data that waspreviously analyzed and processed using the features and methodsdescribed herein. Similarly, the historic internal data may compriseinternal data that was previously analyzed and processed using thefeatures and methods described herein.

At step 510, critical event prediction engine 113 may retrieve, fromaggregated data database 112, the data structure(s) and/or portions ofthe data structure, the historic external data, and the historicinternal data. Critical event prediction engine 113 may identify thecurrent external data, the current internal data, the historic externaldata, and the historic internal data. In some instances, critical eventprediction engine 113 may identify the historic external data and thehistoric internal data based on whether the external data and/or theinternal data was flagged, by aggregated data database 112, as historicexternal data and/or historic internal data.

At step 511, critical event prediction engine 113 may compare theexternal data (or the internal data) to the historic external data (orthe historic internal data). Critical event prediction engine 113 may,using the data structure(s) and/or the portion of the data structure,compare the plurality of data types associated with the historicexternal data (or the historic internal data) to the plurality of datatypes associated with the external data (or the internal data).

At step 512, critical event prediction engine 113 may determine, basedon the previously described comparison, whether the external data (orthe internal data) may be consistent with (e.g., correspond to, match,be similar to, or the like) the historical external data (or thehistorical internal data).

If, at step 512, critical event prediction engine 113 determines thatthe external data (or the internal data) is consistent with thehistorical external data (or the historical internal data), then,critical event prediction engine 113 may repeat step 511 and maycontinue analyzing the remaining external data (or the remaininginternal data). In some instances, critical event prediction engine 113may determine that the external data (or the internal data) might nothave been previously received (e.g., there might not be historicexternal data (or historic internal data) to which critical eventprediction engine 113 may compare the current external data (or thecurrent internal data), or the like). As such, critical event predictionengine 113 may terminate analysis on the external data (or the internaldata) that might not have been previously received and may analyze theremaining external data (or the remaining internal data).

In some instances, critical event prediction engine 113 may determinethat at least one data type associated with the external data (or theinternal data) may correspond to (e.g., match, be similar to, or thelike) at least one data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may compare the data value that corresponds to the data type associatedwith the external data (or the internal data) to the data value thatcorresponds to the data type associated with the historic external data(or the historic internal data). Critical event prediction engine 113may determine whether the data value that corresponds to the data typeassociated with the external data (or the internal data) is consistentwith (e.g., matches, is within a predetermined range, or the like) thedata value that corresponds to the data type associated with thehistoric external data (or the historic internal data). In someinstances, critical event prediction engine 113 may determine that thedata values are consistent (e.g., match, are within the predeterminedrange, or the like). As such, critical event prediction engine 113 mightnot flag the data value that corresponds to the data type associatedwith the external data (or the internal data). Critical event predictionengine 113 may analyze the remaining external data (or the remaininginternal data), if any.

Alternatively, if, at step 512, critical event prediction engine 113determines that the external data (or the internal data) might not beconsistent with the historical external data (or the historical internaldata), then, at step 513, critical event prediction engine 113 mayidentify the inconsistency between the data value that corresponds tothe data type associated with the external data (or the internal data)and the data value that corresponds to the data type associated with thehistorical external data (or the historical internal data). Criticalevent prediction engine 113 may identify the inconsistency using a keyperformance indicator (KPI). The KPI may specify a feature (e.g.,measurement, parameter, or the like) of the data type that correspondsto the external data (or the internal data) that may be different fromthe same KPI (e.g., measurement, parameter, or the like) of the datatype that corresponds to the historic external data (or the historicinternal data). Critical event prediction engine 113 may flag the KPIthat identifies the inconsistency between the data value thatcorresponds to the data type associated with the external data (or theinternal data) and the data value that corresponds to the data typeassociated with the historic external data (or the historic internaldata).

At step 514, critical event prediction engine 113 may transmit, toblockchain 114, the at least one flagged KPI, the data type and datavalue that correspond to the external data (or the internal data), andthe data type and data value that correspond to the historic externaldata (or the historic internal data).

At step 515, blockchain 114 may receive the at least one flagged KPI,the data type and data value that correspond to the external data (orthe internal data), and the data type and data value that correspond tothe historic external data (or the historic internal data). Inparticular, the smart contracts node on blockchain 114 may receive theat least one flagged KPI, the data type and data value that correspondto the external data (or the internal data), and the data type and datavalue that correspond to the historic external data (or the historicinternal data), and may store the received data in data blocks on theblockchain.

At step 516, enterprise organization computing device 140 may generate aplurality of analysis guidelines. Each team node, of the plurality ofteam nodes on blockchain 114, may use the plurality of analysisguidelines to determine whether a flagged KPI may threaten the securityof the enterprise artifacts. In some instances, the plurality ofanalysis guidelines may instruct each team node to review enterpriseorganization rules specific to the particular team and/or departmentwithin the enterprise organization. The plurality of analysis guidelinesmay instruct each team node to compare the flagged KPI to the enterpriseorganization rules specific to the particular team and/or department todetermine whether the flagged KPI violates at least one enterpriseorganization rule. If the team node determines that the flagged KPIviolates at least one enterprise organization rule, then the pluralityof analysis guidelines may instruct the team node to identify theflagged KPI as a potential threat to the security of the enterpriseartifacts. The plurality of analysis guidelines may further instruct theteam node to identify the at least one enterprise organization rule thatthe flagged KPI may violate. Alternatively, if the team node determinesthat the flagged KPI might not violate the enterprise organizationrules, then the plurality of analysis guidelines may instruct the teamnode to identify the flagged KPI as non-threatening to the security ofthe enterprise artifacts. In some instances, the team node might not beable to determine whether the flagged KPI violates at least oneenterprise organization rule (e.g., due to ambiguities within the atleast one enterprise organization rule, due to a cross reference to atleast one enterprise organization rule associated with a differentand/or additional team and/or department within the enterpriseorganization, or the like). In such instances, the plurality of analysisguidelines may instruct the team node to identify the flagged KPI aspotentially threatening to the security of the enterprise artifacts andto recommend that the flagged KPI undergo manual analysis (e.g., by anagent on the team and/or department that corresponds to the team node).

Enterprise organization computing device 140 may further be configuredto generate a plurality of enterprise artifact protection protocols. Anenterprise artifact protection protocol may comprise a series ofinstructions which, when executed, may protect the enterprise artifactsfrom scenarios that may potentially threaten (e.g., impact, weaken, orthe like) the security of the enterprise artifacts. As such, whenexecuted, the enterprise artifact protection protocols may increaseand/or preserve the security of the enterprise artifacts.

To generate the plurality of enterprise artifact protection protocols,enterprise organization computing device 140 may predict a plurality ofevents that may threaten the security of the enterprise artifacts (e.g.,a power outage at the data center due to an ice storm, CPU usage withinthe enterprise organization approaching maximum CPU capacity, or thelike). To predict the plurality of events that may threaten the securityof the enterprise artifacts, enterprise organization computing device140 may analyze the historic external data and the historic internaldata (e.g., external data and internal data that was previously receivedand processed using the features described herein, or the like).Enterprise organization computing device 140 may determinecountermeasures that, when executed, may protect the enterpriseartifacts and may use the countermeasures to generate the plurality ofenterprise artifact protection protocols. Enterprise organizationcomputing device 140 may draft code, using at least one programminglanguage, that, when executed, may initiate the corresponding enterpriseartifact protection protocol. In some instances, enterprise organizationcomputing device 140 may draft code, using at least one programminglanguage, that corresponds to a sample implementation of at least oneenterprise artifact protection protocol (e.g., a sample implementationof a feature of at least one enterprise artifact protection protocol, orthe like) and that, when executed, may initiate the corresponding sampleimplementation of the enterprise artifact protection protocol.

At step 517, enterprise organization computing device 140 may transmitthe plurality of analysis guidelines and the plurality of enterpriseartifact protection protocols to blockchain 114.

At step 518, blockchain 114 (e.g., the smart contracts node onblockchain 114) may store each analysis guideline, of the plurality ofanalysis guidelines, within a different data block of a plurality ofdata blocks on blockchain 114. Similarly, blockchain 114 (e.g., thesmart contracts node on blockchain 114) may store each enterpriseartifact protection protocol, of the plurality of enterprise artifactprotection protocols, within a different data block of the plurality ofdata blocks on blockchain 114.

At step 519, the smart contracts node on blockchain 114 may use the atleast one flagged KPI, the data type and data value that correspond tothe external data (or the internal data), and the data type and datavalue that correspond to the historic external data (or the historicinternal data) to determine a critical value for each of the at leastone flagged KPIs. The critical value that corresponds to the flagged KPImay indicate a predicted degree of whether and/or how much the flaggedKPI may threaten (e.g., harm, weaken, or the like) the security of theenterprise artifacts. The critical value may be within a predeterminedrange (e.g., a scale from 0.0 to 10.0). A critical value may beassociated with a first level critical value if the critical value iscloser to 0.0. A critical value that may be associated with the firstlevel critical value may indicate that the corresponding flagged KPImight not pose a threat to the security of the enterprise artifacts.Alternatively, a critical value may be associated with a second levelcritical value if the critical value is closer 10.0. A critical valuethat may be associated with the second level critical value may indicatethat the corresponding flagged KPI may pose a threat to the security ofthe enterprise artifacts.

To determine the critical value that corresponds to the flagged KPI, thesmart contracts node may consider a plurality of conditions that maypredict the degree of impact that the flagged KPI may inflict upon theenterprise organization and/or the data center and, by extension, thesecurity of the enterprise artifacts. In some instances, the smartcontracts node may consider the urgency of the flagged KPI (e.g., apredicted amount of time remaining before a natural disaster causes theenterprise organization and/or the data center to experience powerfailure, or the like), the current state of the flagged KPI (e.g.,whether the enterprise organization and/or the data center commencedpower failure recovery procedures, or the like), the predicted wind downperiod of the flagged KPI (e.g., a predicted amount of time until thecompletion of an enterprise operation that may overload the current CPUcapacity, or the like), and/or the likelihood of the flagged KPI passing(e.g., a likelihood of a tornado's path turning away from the enterpriseorganization and/or the data center, or the like).

At step 520, the smart contracts node on blockchain 114 may distributethe at least one flagged KPI and the critical values that correspond tothe at least one flagged KPI to the plurality of team nodes onblockchain 114.

At step 521, the plurality of team nodes on blockchain 114 may receive,from the smart contracts node, the at least one flagged KPI and thecritical value associated with each flagged KPI. Each team node of theplurality of team nodes may use the plurality of analysis guidelines,received by blockchain 114 and from enterprise organization computingdevice 140, to determine whether the flagged KPI may threaten thesecurity of the enterprise artifacts. To do so, in some instances, theplurality of analysis guidelines may instruct each team node to reviewthe enterprise organization rules specific to the particular team and/ordepartment within the enterprise organization. The plurality of analysisguidelines may instruct each team node to compare the flagged KPI to theenterprise organization rules specific to the particular team and/ordepartment to determine whether the flagged KPI may violate at least oneenterprise organization rule.

If the team node determines that the flagged KPI may violate at leastone enterprise organization rule, then the plurality of analysisguidelines may instruct the team node to identify the flagged KPI as apotential threat to the security of the enterprise artifacts. Theplurality of analysis guidelines may further instruct the team node toidentify the at least one enterprise organization rule that the flaggedKPI may violate. Alternatively, if the team node determines that theflagged KPI might not violate the enterprise organization rules, thenthe plurality of analysis guidelines may instruct the team node toidentify the flagged KPI as non-threatening to the security of theenterprise artifacts. In some instances, the team node might not be ableto determine whether the flagged KPI may violate at least one enterpriseorganization rule (e.g., due to ambiguous language within the enterpriseorganization rule, due to a cross reference to at least one enterpriseorganization rule associated with a different team and/or department, orthe like). In such instances, the plurality of analysis guidelines mayinstruct the team node to identify the flagged KPI as potentiallythreatening to the security of the enterprise artifacts and to recommendthat the flagged KPI undergo manual analysis (e.g., by an agent on theteam and/or department that corresponds to the team node, or the like).Each team node of the plurality of team nodes may transmit thedetermination (e.g., that the flagged KPI violates at least oneenterprise organization rule, that the flagged KPI might not violate theenterprise organization rules, that it may be unclear whether theflagged KPI violates at least one enterprise organization rule, or thelike) to the smart contracts node.

Referring to FIG. 5B and at step 522, the smart contracts node onblockchain 114 may receive the determinations from each team node of theplurality of team nodes, and may determine whether there is consensusamong the team nodes.

If, at step 522, the smart contracts node receives, from at least oneteam node of the plurality of team nodes, an indication that the flaggedKPI might not threaten the security of the enterprise artifacts andreceives, from at least one different team node of the plurality of teamnodes, an indication that the flagged KPI may threaten the security ofthe enterprise artifacts (e.g., there might not be consensus among theteam nodes, or the like), then, at step 523, the smart contracts nodemay transmit the flagged KPI and the critical value associated with theflagged KPI to enterprise organization computing device 140. The smartcontracts node may also transmit, to enterprise organization computingdevice 140, instructions to manually analyze the flagged KPI and thecritical value associated with the flagged KPI.

Alternatively, if, at step 522, the smart contracts node receives, fromeach team node of the plurality of team nodes, an indication that theflagged KPI may threaten the security of the enterprise artifacts (e.g.,there may be consensus among the team nodes that the flagged KPI maythreaten the security of the enterprise artifacts), then, at step 524,the smart contracts node may transmit the flagged KPI to digital twinengine 115.

At step 525, digital twin engine 115 may parse the flagged KPI and maydetermine whether at least one enterprise artifact protection protocolthat corresponds to the flagged KPI is stored in blockchain 114.

If, at step 525, digital twin engine 115 determines that blockchain 114might not contain at least one enterprise artifact protection protocolthat corresponds to the flagged KPI, then, at step 526, digital twinengine 115 may transmit the flagged KPI to enterprise organizationcomputing device 140 along with a notification indicating thatblockchain 114 might not contain an enterprise artifact protectionprotocol that addresses the flagged KPI. Digital twin engine 115 mayfurther transmit, to enterprise organization computing device 140, arequest for the flagged KPI to be manually analyzed by a team and/ordepartment within the enterprise organization.

Alternatively, if, at step 525, digital twin engine 115 determines thatat least one enterprise artifact protection protocol that corresponds tothe flagged KPI is stored on blockchain 114, then, at step 527, digitaltwin engine 115 may parse the flagged KPI and may retrieve, fromblockchain 114 and based on the parsing, the at least one enterpriseartifact protection protocol that corresponds to the flagged KPI. The atleast one enterprise artifact protection protocol may comprise a seriesof instructions which, when executed, may protect the enterpriseartifacts from scenarios (e.g., from the flagged KPI, or the like) thatmay potentially threaten (e.g., impact, weaken, or the like) thesecurity of the enterprise artifacts. As such, when executed, theenterprise artifact protection protocol may increase and/or preserve thesecurity of the enterprise artifacts.

Digital twin engine 115 may identify at least one enterprise artifactprotection protocol that corresponds to the flagged KPI (e.g., addressesat least one scenario where the flagged KPI harms the security of theenterprise artifacts, or the like). Digital twin engine 115 may generatea sample implementation of the at least one identified enterpriseartifact protection protocol. To generate the sample implementation,digital twin engine 115 may locate and retrieve, from blockchain 114,code that corresponds to the sample implementation of at least onefeature of the at least one enterprise artifact protection protocol.Digital twin engine 115 may execute the code that corresponds to thesample implementation of the at least one feature of the at least oneenterprise artifact protection protocol. In doing so, digital twinengine 115 may illustrate how the enterprise artifacts may be protectedfrom the flagged KPI (e.g., illustrate how changing the storage locationof the enterprise artifacts may increase the level of securitysurrounding the enterprise artifacts, illustrate how transmitting anenterprise organization operation from a first location to a secondlocation may preserve the power supply associated with the firstlocation, or the like).

At step 528, digital twin engine 115 may transmit the sampleimplementation to blockchain 114. In some instances, digital twin engine115 may transmit the sample implementation to the smart contracts nodeof blockchain 114.

At step 529, the smart contracts node on blockchain 114 may receive,from digital twin engine 115, at least one sample implementation of atleast one feature of at least one enterprise artifact protectionprotocol. The smart contracts node may analyze each sampleimplementation and may elect an enterprise artifact protection protocol,which may be used to safeguard the enterprise artifacts from the flaggedKPI. In some instances, the smart contracts node on blockchain 114 maybe configured to elect (e.g., automatically, or the like) at least oneenterprise artifact protection protocol based on considering a pluralityof conditions. In some instances, the smart contracts node may considerwhether electing a particular enterprise artifact protection protocolmay jeopardize (e.g., negatively affect, or the like) at least oneenterprise artifact (e.g., if transmitting a first enterpriseorganization operation from a first data center to a second data centermay interrupt a second enterprise organization operation, then do notelect the enterprise artifact protection protocol that may transmit thefirst enterprise organization operation from the first data center tothe second data center, or the like). In some instances, the smartcontracts node may consider whether electing a particular enterpriseartifact protection protocol may further threaten the security of theenterprise artifacts (e.g., if initiating a back-up power sequence mayoverload the current power supply capacity within the enterpriseorganization, then do not elect the enterprise artifact protectionprotocol that may initiate the back-up power sequence as that may causethe enterprise organization to experience power failure, or the like).In some instances, the smart contracts node may determine whether aparticular enterprise artifact protection protocol should be electedbased on present conditions and known dangers (e.g., when the locationof a first data center is likely to experience high winds from anincoming hurricane, elect at least one enterprise artifact protectionprotocol that may replicate the enterprise artifacts and transmit thereplicated enterprise artifacts to a second data center since the firstdata center has, historically, been unable to maintain a steady powersupply during hurricane-like winds, or the like). The smart contractsnode may, based on the analysis, elect at least one enterprise artifactprotection protocol.

At step 530, blockchain 114 (e.g., the smart contracts node onblockchain 114) may transmit, to digital twin engine 115, a notificationindicating the at least one elected enterprise artifact protectionprotocol. The smart contracts node may further transmit, to digital twinengine 115, instructions to execute the at least one elected enterpriseartifact protection protocol.

At step 531, digital twin engine 115 may receive, from the smartcontracts node on the blockchain, an indication of at least oneenterprise artifact protection protocol to be executed. Digital twinengine 115 may locate and retrieve, from blockchain 114, code thatcorresponds to the at least one enterprise artifact protection protocolelected by blockchain 114. Digital twin engine 115 may execute the codethat corresponds to the at least one enterprise artifact protectionprotocol elected by blockchain 114.

As a result, the proposed solution may provide the followingbenefits: 1) real-time, or near real-time, monitoring of real-worldconditions and enterprise organization and/or data center conditionsthat may threaten the security of enterprise artifacts; 2) real-time, ornear real-time, analysis of the monitored conditions; 3) real-time, ornear real-time, analysis of at least one enterprise artifact protectionprotocol; and 4) real-time, or near real-time, execution of at least oneenterprise artifact protection protocol based on the monitoredconditions.

One or more aspects of the disclosure may be embodied in computer-usabledata or computer-executable instructions, such as in one or more programmodules, executed by one or more computers or other devices to performthe operations described herein. Generally, program modules includeroutines, programs, objects, components, data structures, and the likethat perform particular tasks or implement particular abstract datatypes when executed by one or more processors in a computer or otherdata processing device. The computer-executable instructions may bestored as computer-readable instructions on a computer-readable mediumsuch as a hard disk, optical disk, removable storage media, solid-statememory, RAM, and the like. The functionality of the program modules maybe combined or distributed as desired in various embodiments. Inaddition, the functionality may be embodied in whole or in part infirmware or hardware equivalents, such as integrated circuits,application-specific integrated circuits (ASICs), field programmablegate arrays (FPGA), and the like. Particular data structures may be usedto more effectively implement one or more aspects of the disclosure, andsuch data structures are contemplated to be within the scope of computerexecutable instructions and computer-usable data described herein.

Various aspects described herein may be embodied as a method, anenterprise computing platform, or as one or more non-transitorycomputer-readable media storing instructions. Accordingly, those aspectsmay take the form of an entirely hardware embodiment, an entirelysoftware embodiment, an entirely firmware embodiment, or an embodimentcombining software, hardware, and firmware aspects in any combination.In addition, various signals representing data or events as describedherein may be transferred between a source and a destination in the formof light or electromagnetic waves traveling through signal-conductingmedia such as metal wires, optical fibers, or wireless transmissionmedia (e.g., air or space).

As described herein, the various methods and acts may be operativeacross one or more computing servers and one or more networks. Thefunctionality may be distributed in any manner, or may be located in asingle computing device (e.g., a server, a user computer, and the like).For example, in alternative embodiments, one or more of the computingplatforms discussed above may be combined into a single computingplatform, and the various functions of each computing platform may beperformed by the single computing platform. In such arrangements, anyand/or all of the above-discussed communications between computingplatforms may correspond to data being accessed, moved, modified,updated, and/or otherwise used by the single computing platform.Additionally or alternatively, one or more of the computing platformsdiscussed above may be implemented in one or more virtual machines thatare provided by one or more physical computing devices. In sucharrangements, the various functions of each computing platform may beperformed by the one or more virtual machines, and any and/or all of theabove-discussed communications between computing platforms maycorrespond to data being accessed, moved, modified, updated, and/orotherwise used by the one or more virtual machines.

Aspects of the disclosure have been described in terms of illustrativeembodiments thereof. Numerous other embodiments, modifications, andvariations within the scope and spirit of the appended claims will occurto persons of ordinary skill in the art from a review of thisdisclosure. For example, one or more of the steps depicted in theillustrative figures may be performed in other than the recited order,and one or more depicted steps may be optional in accordance withaspects of the disclosure.

What is claimed is:
 1. A method comprising: at a computing deviceincluding one or more processors and memory: receiving, from a pluralityof external devices, a stream of external data that includes real-worldconditions; receiving, from a plurality of internal devices, a stream ofinternal data that includes conditions associated with an enterpriseorganization; parsing the external data and the internal data;identifying, based on the parsing, a plurality of data types and aplurality of data values that correspond to the external data and theinternal data; determining whether the external data is consistent withhistoric external data; based on determining the external data isinconsistent with the historic external data, flagging at least one keyperformance indicator; determining at least one critical value thatcorresponds to the at least one flagged key performance indicator;determining whether the at least one flagged key performance indicatorcorresponds to at least one enterprise artifact protection protocol;based on determining that the at least one flagged key performanceindicator corresponds to the at least one enterprise artifact protectionprotocol, generating, using a digital twin engine, sampleimplementations of the at least one enterprise artifact protectionprotocol; analyzing the sample implementations of the at least oneenterprise artifact protection protocol; and executing, based on theanalysis, an enterprise artifact protection protocol.
 2. The method ofclaim 1, further comprising determining whether the internal data isconsistent with historic internal data.
 3. The method of claim 2,wherein the flagging the at least one key performance indicator isfurther based on determining the internal data is inconsistent with thehistoric internal data.
 4. The method of claim 3, wherein the at leastone key performance indicator identifies at least one of: aninconsistency between the external data and the historic external data;or an inconsistency between the internal data and the historic internaldata.
 5. The method of claim 2, further comprising, based on determiningthe internal data is consistent with the historic internal data,comparing the internal data to the historic internal data.
 6. The methodof claim 2, further comprising generating a data structure that displaysthe external data, the internal data, the historic external data, andthe historic internal data.
 7. The method of claim 2, wherein thedetermining whether the internal data is consistent with the historicinternal data comprises comparing a plurality of internal data types anda plurality of internal data values to historic internal data types andhistoric internal data values.
 8. The method of claim 1, furthercomprising, based on determining the external data is consistent withthe historic external data, comparing the external data to the historicexternal data.
 9. The method of claim 1, wherein the determining the atleast one critical value that corresponds to the at least one flaggedkey performance indicator comprises using at least a portion of ablockchain that is configured to operate in a peer-to-peer (P2P)network, and wherein the blockchain comprises a plurality of team nodes.10. The method of claim 9, further comprising: distributing, using asmart contract node on the blockchain, the at least one critical valuethat corresponds to the at least one flagged key performance indicatorto the plurality of team nodes; and analyzing, using the plurality ofteam nodes, the at least one flagged key performance indicator using aplurality of analysis guidelines.
 11. The method of claim 10, whereinthe determining whether the at least one flagged key performanceindicator corresponds to the at least one enterprise artifact protectionprotocol comprises determining, by the plurality of team nodes, whetherthe at least one flagged key performance indicator and the at least onecorresponding critical value satisfy the plurality of analysisguidelines.
 12. The method of claim 10, further comprising executing theat least one enterprise artifact protection protocol based on each teamnode, of the plurality of team nodes, determining the at least oneflagged key performance indicator harms the enterprise artifacts. 13.The method of claim 10, further comprising transmitting the at least oneflagged key performance indicator to an enterprise organizationcomputing device based on: at least one team node, of the plurality ofteam nodes, determining the at least one flagged key performanceindicator harms the enterprise artifacts; and at least one team node, ofthe plurality of team nodes, determining the at least one flagged keyperformance indicator does not harm the enterprise artifacts.
 14. Themethod of claim 1, wherein the determining whether the external data isconsistent with the historic external data comprises comparing aplurality of external data types and a plurality of external data valuesto historic external data types and historic external data values.
 15. Acomputing platform comprising: at least one processor; a communicationinterface communicatively coupled to the at least one processor; andmemory storing computer-readable instructions that, when executed by theat least one processor, cause the computing platform to: receive, from aplurality of external devices, a stream of external data that includesreal-world conditions; receive, from a plurality of internal devices, astream of internal data that includes conditions associated with anenterprise organization; parse the external data and the internal data;identify, based on the parsing, a plurality of data types and aplurality of data values that correspond to the external data and theinternal data; determine whether the external data is consistent withhistoric external data; based on determining the external data isinconsistent with the historic external data, flag at least one keyperformance indicator; determine at least one critical value thatcorresponds to the at least one flagged key performance indicator;determine whether the at least one flagged key performance indicatorcorresponds to at least one enterprise artifact protection protocol;based on determining that the at least one flagged key performanceindicator corresponds to the at least one enterprise artifact protectionprotocol, generate, using a digital twin engine, sample implementationsof the at least one enterprise artifact protection protocol; analyze thesample implementations of the at least one enterprise artifactprotection protocol; and execute, based on the analysis, an enterpriseartifact protection protocol.
 16. The computing platform of claim 15,wherein the instructions, when executed, further cause the computingplatform to determine whether the internal data is consistent withhistoric internal data.
 17. The computing platform of claim 16, whereinthe flagging the at least one key performance indicator is further basedon determining the internal data is inconsistent with the historicinternal data.
 18. One or more non-transitory computer-readable mediastoring instructions that, when executed by a computing platformcomprising at least one processor, memory, and a communicationinterface, cause the computing platform to: receive, from a plurality ofexternal devices, a stream of external data that includes real-worldconditions; receive, from a plurality of internal devices, a stream ofinternal data that includes conditions associated with an enterpriseorganization; parse the external data and the internal data; identify,based on the parsing, a plurality of data types and a plurality of datavalues that correspond to the external data and the internal data;determine whether the external data is consistent with historic externaldata; based on determining the external data is inconsistent with thehistoric external data, flag at least one key performance indicator;determine at least one critical value that corresponds to the at leastone flagged key performance indicator; determine whether the at leastone flagged key performance indicator corresponds to at least oneenterprise artifact protection protocol; based on determining that theat least one flagged key performance indicator corresponds to the atleast one enterprise artifact protection protocol, generate, using adigital twin engine, sample implementations of the at least oneenterprise artifact protection protocol; analyze the sampleimplementations of the at least one enterprise artifact protectionprotocol; and execute, based on the analysis, an enterprise artifactprotection protocol.
 19. The non-transitory computer-readable media ofclaim 18, wherein the instructions, when executed, further cause thecomputing platform to determine whether the internal data is consistentwith historic internal data.
 20. The non-transitory computer-readablemedia of claim 19, wherein the flagging the at least one key performanceindicator is further based on determining the internal data isinconsistent with the historic internal data.